Open
Description
Since commit 020d5d0, all attributes that are allowed globally are ignored if "style" is given as the first attribute.
Problematic code:
    public HtmlPolicyBuilder globally() {
      if(attributeNames.get(0).equals("style")) {
        return allowStyling();
      } else {
        return HtmlPolicyBuilder.this.allowAttributesGlobally(
            policy, attributeNames);
      }
    }
Proof
    @Test
    public static final void testStyleWithOtherAttributesGlobally() {
      PolicyFactory policyBuilder = new HtmlPolicyBuilder()
          .allowAttributes("style", "align").globally()
          .allowElements("a", "label", "h1", "h2", "h3", "h4", "h5", "h6")
          .toFactory();
      String input = "<h1 style=\"color:green ;name:user ;\" align=\"center\">This is some green text</h1>";
      String want = "<h1 style=\"color:green\" align=\"center\">This is some green text</h1>";
      assertEquals(want, policyBuilder.sanitize(input));
    }
Note that align="center" is missing from the output.
I will file a PR to fix the issue.
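
The dispatch problem reported above, reduced to a stand-alone model (an added example, not code from the project or from the reporter). `ToyPolicy`, `globallyAsReported` and `globallyPartitioned` are hypothetical names, and the partitioning shown is one assumed correction, not the fix filed for this issue.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Stand-alone model of the dispatch in globally(); ToyPolicy and its members are
// hypothetical and are not classes from the sanitizer library.
public class GloballyDispatchDemo {
  static final class ToyPolicy {
    final Set<String> globalAttributes = new TreeSet<>();
    boolean stylingAllowed;

    // Mirrors the reported logic: only element 0 is inspected, and when it is
    // "style" the remaining names are never registered.
    ToyPolicy globallyAsReported(List<String> attributeNames) {
      if (attributeNames.get(0).equals("style")) {
        stylingAllowed = true;
      } else {
        globalAttributes.addAll(attributeNames);
      }
      return this;
    }

    // Assumed correction: pull "style" out wherever it appears, route it to the
    // styling path, and register every other name globally.
    ToyPolicy globallyPartitioned(List<String> attributeNames) {
      List<String> others = new ArrayList<>(attributeNames);
      if (others.removeAll(Collections.singleton("style"))) {
        stylingAllowed = true;
      }
      globalAttributes.addAll(others);
      return this;
    }

    @Override public String toString() {
      return "styling=" + stylingAllowed + " global=" + globalAttributes;
    }
  }

  public static void main(String[] args) {
    // Constructed input matching the attribute list used in the issue's test.
    List<String> names = Arrays.asList("style", "align");
    System.out.println("reported:    " + new ToyPolicy().globallyAsReported(names));
    System.out.println("partitioned: " + new ToyPolicy().globallyPartitioned(names));
  }
}
```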