From cecc18420df4926772d34c194a9ea8d099c0e6af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?=
Date: Mon, 9 Jun 2025 20:34:41 -0700
Subject: [PATCH] feat(sanitizer): add validation for empty width and height attributes in img tags
---
 internal/reader/sanitizer/sanitizer.go | 3 +++
 internal/reader/sanitizer/sanitizer_test.go | 10 ++++++++++
 2 files changed, 13 insertions(+)
diff --git a/internal/reader/sanitizer/sanitizer.go b/internal/reader/sanitizer/sanitizer.go
index 5c0026f1..69e45b06 100644
--- a/internal/reader/sanitizer/sanitizer.go
+++ b/internal/reader/sanitizer/sanitizer.go
@@ -541,6 +541,9 @@ func isValidDataAttribute(value string) bool {
 }
 
 func isPositiveInteger(value string) bool {
+ if value == "" {
+ return false
+ }
 if number, err := strconv.Atoi(value); err == nil {
 return number > 0
 }
diff --git a/internal/reader/sanitizer/sanitizer_test.go b/internal/reader/sanitizer/sanitizer_test.go
index 0628ec9d..9ce692e2 100644
--- a/internal/reader/sanitizer/sanitizer_test.go
+++ b/internal/reader/sanitizer/sanitizer_test.go
@@ -99,6 +99,16 @@ func TestImgWithIncorrectWidthAndHeightAttribute(t *testing.T) {
 }
 }
 
+func TestImgWithEmptywidthAndHeightAttribute(t *testing.T) {
+ input := ``
+ expected := ``
+ output := SanitizeHTMLWithDefaultOptions("http://example.org/", input)
+
+ if output != expected {
+ t.Errorf(`Wrong output: %s`, output)
+ }
+}
+
 func TestImgWithTextDataURL(t *testing.T) {
 input := `Example`
 expected := ``
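Review bot: The empty-string guard added at the top of `isPositiveInteger` looks redundant, because `strconv.Atoi("")` already returns a syntax error and the existing `err == nil` branch is skipped for it; the function's tail lies outside the hunk, so this assumes it ends in `return false`. If the guard is kept for readability, a doc comment would make the contract explicit, for example `// isPositiveInteger reports whether value is a base-10 integer greater than zero; empty and non-numeric input is rejected.` Note also that `strconv.Atoi` accepts a leading sign, so a value such as `+10` passes this check; if width and height are meant to be digits only, that needs an explicit check and a test.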
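Review bot: The new test's name `TestImgWithEmptywidthAndHeightAttribute` has a lowercase `w`, unlike the neighbouring `TestImgWithIncorrectWidthAndHeightAttribute`; rename it to `TestImgWithEmptyWidthAndHeightAttribute`. The failure message prints only the actual output, so a mismatch is easier to read with `t.Errorf("Wrong output: got %q, want %q", output, expected)`. The `input` and `expected` raw strings show as empty on this page (the markup appears to have been lost in rendering), so what the test asserts cannot be checked from here. It would be worth covering an empty `width` next to a valid `height`, and the reverse, to show that each attribute is handled independently.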