Strangely stripping inline style font-family with a dash in it

[bbugh]

Given this fragment of HTML

<span style="font-size: 36px; font-family: 'AvenirNext-Regular';">This style gets stripped</span>
<span style="font-size: 36px; font-family: 'Avenir Next';">This style does not get stripped</span>

When using Loofah to do any kind of stripping:

Loofah.fragment(text).scrub!(:strip)
Loofah.fragment(text).scrub!(:prune)

The span with the font-family that has a dash in it gets stripped, but the one without the dash does not:

<span>This style gets stripped</span>
<span style="font-size: 36px; font-family: 'Avenir Next';">This style does not get stripped</span>

If I arbitrarily add a dash to the second one:

<span style="font-size: 36px; font-family: 'AvenirNext-Regular';">This style gets stripped</span>
<span style="font-size: 36px; font-family: 'Avenir-Next';">This style does not get stripped</span>
                                         add dash ^

It also gets scrubbed:

<span>This style gets stripped</span>
<span>This style does not get stripped</span>

[flavorjones]

Thanks for reporting this! Certainly strange and undesirable behavior. I would certainly call this a bug. Looking into it now.

[flavorjones]

This appears to have been fixed in v2.1.0 by the introduction of Crass as the underlying CSS parser. Sorry for the delay in replying!

[aert]

Hey @flavorjones keep up the good work !

I noticed that both text in the examples get stripped in Loofah 2.9.0, I suspect this line: https://github.com/flavorjones/loofah/blob/main/lib/loofah/html5/scrub.rb#L94

Is it intended ?

[flavorjones]

@aert Let's continue the conversation in #202