System.NullReferenceException on sanitize style

[mannfredz]

This HTML generates an exception ;

Sanitizer.Sanitize("<div style=\"border-width:1px;border-right-width:px;\"></div>");

System.NullReferenceException: Object reference not set to an instance of an object. at AngleSharp.Css.Values.CssPeriodicValue 1.get_CssText() at AngleSharp.Css.Dom.CssProperty.get_Value() at AngleSharp.Css.Dom.CssProperty.ToCss(TextWriter writer, IStyleFormatter formatter) at AngleSharp.Css.CssStyleFormatter.AngleSharp.IStyleFormatter.BlockDeclarations(IEnumerable 1 declarations) at AngleSharp.Css.Dom.CssStyleDeclaration.ToCssBlock(IStyleFormatter formatter) at AngleSharp.Css.Dom.CssStyleDeclaration.ToCss(TextWriter writer, IStyleFormatter formatter) at AngleSharp.FormatExtensions.ToCss(IStyleFormattable style, IStyleFormatter formatter) at Ganss.Xss.HtmlSanitizer.SanitizeStyle(IElement element, String baseUrl) at Ganss.Xss.HtmlSanitizer.DoSanitize(IHtmlDocument dom, IParentNode context, String baseUrl) at Ganss.Xss.HtmlSanitizer.SanitizeDom(String html, String baseUrl) at Ganss.Xss.HtmlSanitizer.Sanitize(String html, String baseUrl, IMarkupFormatter outputFormatter)

[tiesont]

Helps to provide some context:

• HtmlSanitizer version
• AngleSharp version(s)
• .NET version (.NET Framework or Core/Standard version)
• How your Sanitizer object is created

[mannfredz]

Hi,

• HtmlSanitizer version : 8.0.645
• AngleSharp version(s) : 1.0.1 (same issue with 0.17.1)
• .NET version (.NET Framework or Core/Standard version) : .NET Framework 4.8
• How your Sanitizer object is created

  HtmlSanitizer Sanitizer = new HtmlSanitizer();
  Sanitizer.Sanitize("<div style=\"border-width:1px;border-right-width:px;\"></div>");

[mganss]

This seems to be an issue within AngleSharp.Css. I have reported here: https://github.com/AngleSharp/AngleSharp.Css/issues/129

[mganss]

I've released 8.0.690-beta which depends on the fixed AngleSharp.Css version.