Fix #363: CVE-2025-66021

Author: melloware

owasp-java-html-sanitizer/src/test/java/org/owasp/html/HtmlSanitizerTest.java

@@ -454,6 +454,25 @@ public static final void testStylingCornerCase() {
     assertEquals(want, sanitize(input));
   }
 
+  @Test
+  public static final void testCVE202566021_1() {
+    // Arrange
+    String actualPayload = "<noscript><style>/* user content */.x { font-size: 12px; }<div id=\"evil\">XSS?</div></style></noscript>";
+    String expectedPayload = "<noscript><style>/* user content */.x { font-size: 12px; }</style></noscript>";
+
+    HtmlPolicyBuilder htmlPolicyBuilder = new HtmlPolicyBuilder();
+    PolicyFactory vulnerablePolicy = htmlPolicyBuilder
+        .allowElements("style", "noscript")
+        .allowTextIn("style")
+        .toFactory();
+
+    // Act
+    String sanitized = vulnerablePolicy.sanitize(actualPayload);
+
+    // Assert
+    assertEquals(expectedPayload, sanitized);
+  }
+
   private static String sanitize(@Nullable String html) {
     StringBuilder sb = new StringBuilder();
     HtmlStreamRenderer renderer = HtmlStreamRenderer.create(