Methods attempted so far:
Loofah::HTML5::WhiteList::ACCEPTABLE_CSS_FUNCTIONS.add 'url'
Loofah::HTML5::WhiteList::ACCEPTABLE_CSS_PROPERTIES.add 'background-image'
However,
Rails::Html::WhiteListSanitizer.new.sanitize_css 'background-image: url(https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png);'
returns ""
Experimenting with rgb:
Rails::Html::WhiteListSanitizer.new.sanitize_css 'background-image: rgb(https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png);'
yields
'background-image:rgb(https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png);'
The same outcomes are observed with Loofah::HTML5::Scrub.scrub_css
.
Lofah version : 2.13.0
Rails version : 6.1.4.4
Verified in Rails Console