Do not ignore attributes allowed globally together with 'style' (#237)

Also, allowStyling() internally allows the 'style' attribute, so it is not
necessary to ignore it.

Author: Gabor Garancsi

src/main/java/org/owasp/html/HtmlPolicyBuilder.java

@@ -968,12 +968,11 @@ public AttributeBuilder matching(
      */
     @SuppressWarnings("synthetic-access")
     public HtmlPolicyBuilder globally() {
-      if(attributeNames.get(0).equals("style")) {
-        return allowStyling();
-      } else {
-        return HtmlPolicyBuilder.this.allowAttributesGlobally(
-            policy, attributeNames);
+      if (attributeNames.contains("style")) {
+          allowStyling();
       }
+      return HtmlPolicyBuilder.this.allowAttributesGlobally(policy,
+              attributeNames);
     }
 
     /**

src/test/java/org/owasp/html/SanitizersTest.java

@@ -500,6 +500,17 @@ public static final void testStyleGlobally() {
     String want = "<h1 style=\"color:green\">This is some green text</h1>";
     assertEquals(want, policyBuilder.sanitize(input));
   }
+
+  @Test
+  public static final void testStyleWithOtherAttributesGlobally() {
+    PolicyFactory policyBuilder = new HtmlPolicyBuilder()
+            .allowAttributes("style", "align").globally()
+            .allowElements("a", "label", "h1", "h2", "h3", "h4", "h5", "h6")
+            .toFactory();
+    String input = "<h1 style=\"color:green ;name:user ;\" align=\"center\">This is some green centered text</h1>";
+    String want = "<h1 style=\"color:green\" align=\"center\">This is some green centered text</h1>";
+    assertEquals(want, policyBuilder.sanitize(input));
+  }
 
   static int fac(int n) {
     int ifac = 1;