diff -Nru ruby-loofah-2.3.1+dfsg/CHANGELOG.md ruby-loofah-2.4.0+dfsg/CHANGELOG.md --- ruby-loofah-2.3.1+dfsg/CHANGELOG.md 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/CHANGELOG.md 2020-01-03 04:20:34.000000000 +0000 @@ -1,5 +1,14 @@ # Changelog +## 2.4.0 / 2019-11-25 + +### Features + +* Allow CSS property `max-width` [#175] (Thanks, @bchaney!) +* Allow CSS sizes expressed in `rem` [#176, #177] +* Add `frozen_string_literal: true` magic comment to all `lib` files. [#118] + + ## 2.3.1 / 2019-10-22 ### Security diff -Nru ruby-loofah-2.3.1+dfsg/debian/changelog ruby-loofah-2.4.0+dfsg/debian/changelog --- ruby-loofah-2.3.1+dfsg/debian/changelog 2019-10-23 05:39:39.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/debian/changelog 2020-01-03 04:21:02.000000000 +0000 @@ -1,3 +1,10 @@ +ruby-loofah (2.4.0+dfsg-1) unstable; urgency=medium + + * Team upload + * New upstream release + + -- Hideki Yamane Fri, 03 Jan 2020 13:21:02 +0900 + ruby-loofah (2.3.1+dfsg-1) unstable; urgency=high * Team upload diff -Nru ruby-loofah-2.3.1+dfsg/Gemfile ruby-loofah-2.4.0+dfsg/Gemfile --- ruby-loofah-2.3.1+dfsg/Gemfile 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/Gemfile 2020-01-03 04:20:34.000000000 +0000 
@@ -7,16 +7,17 @@ gem "nokogiri", ">=1.5.9" gem "crass", "~>1.0.2" -gem "rake", ">=0.8", :group => [:development, :test] +gem "rake", "~>12.3", :group => [:development, :test] gem "minitest", "~>2.2", :group => [:development, :test] gem "rr", "~>1.2.0", :group => [:development, :test] -gem "json", ">=0", :group => [:development, :test] -gem "hoe-gemspec", ">=0", :group => [:development, :test] -gem "hoe-debugging", ">=0", :group => [:development, :test] -gem "hoe-bundler", ">=0", :group => [:development, :test] -gem "hoe-git", ">=0", :group => [:development, :test] +gem "json", "~>2.2.0", :group => [:development, :test] +gem "hoe-gemspec", "~>1.0", :group => [:development, :test] +gem "hoe-debugging", "~>2.0", :group => [:development, :test] +gem "hoe-bundler", "~>1.5", :group => [:development, :test] +gem "hoe-git", "~>1.6", :group => [:development, :test] gem "concourse", ">=0.26.0", :group => [:development, :test] +gem "rubocop", ">=0.76.0", :group => [:development, :test] gem "rdoc", ">=4.0", "<7", :group => [:development, :test] -gem "hoe", "~>3.17", :group => [:development, :test] +gem "hoe", "~>3.20", :group => [:development, :test] # vim: syntax=ruby diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/elements.rb ruby-loofah-2.4.0+dfsg/lib/loofah/elements.rb --- ruby-loofah-2.3.1+dfsg/lib/loofah/elements.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/lib/loofah/elements.rb 2020-01-03 04:20:34.000000000 +0000 @@ -1,3 +1,4 @@ +# frozen_string_literal: true require 'set' module Loofah diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/helpers.rb ruby-loofah-2.4.0+dfsg/lib/loofah/helpers.rb --- ruby-loofah-2.3.1+dfsg/lib/loofah/helpers.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/lib/loofah/helpers.rb 2020-01-03 04:20:34.000000000 +0000 
@@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah module Helpers class << self diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/html/document_fragment.rb ruby-loofah-2.4.0+dfsg/lib/loofah/html/document_fragment.rb --- ruby-loofah-2.3.1+dfsg/lib/loofah/html/document_fragment.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/lib/loofah/html/document_fragment.rb 2020-01-03 04:20:34.000000000 +0000 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah module HTML # :nodoc: # diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/html/document.rb ruby-loofah-2.4.0+dfsg/lib/loofah/html/document.rb --- ruby-loofah-2.3.1+dfsg/lib/loofah/html/document.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/lib/loofah/html/document.rb 2020-01-03 04:20:34.000000000 +0000 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah module HTML # :nodoc: # diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/html5/libxml2_workarounds.rb ruby-loofah-2.4.0+dfsg/lib/loofah/html5/libxml2_workarounds.rb --- ruby-loofah-2.3.1+dfsg/lib/loofah/html5/libxml2_workarounds.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/lib/loofah/html5/libxml2_workarounds.rb 2020-01-03 04:20:34.000000000 +0000 @@ -1,4 +1,5 @@ # coding: utf-8 +# frozen_string_literal: true require 'set' module Loofah diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/html5/safelist.rb ruby-loofah-2.4.0+dfsg/lib/loofah/html5/safelist.rb --- ruby-loofah-2.3.1+dfsg/lib/loofah/html5/safelist.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/lib/loofah/html5/safelist.rb 2020-01-03 04:20:34.000000000 +0000 @@ -1,3 +1,4 @@ +# frozen_string_literal: true require "set" module Loofah 
@@ -573,6 +574,7 @@ "line-height", "list-style", "list-style-type", + "max-width", "overflow", "pause", "pause-after", diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/html5/scrub.rb ruby-loofah-2.4.0+dfsg/lib/loofah/html5/scrub.rb --- ruby-loofah-2.3.1+dfsg/lib/loofah/html5/scrub.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/lib/loofah/html5/scrub.rb 2020-01-03 04:20:34.000000000 +0000 @@ -1,3 +1,4 @@ +# frozen_string_literal: true require 'cgi' require 'crass' @@ -6,7 +7,7 @@ module Scrub CONTROL_CHARACTERS = /[`\u0000-\u0020\u007f\u0080-\u0101]/ - CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/ + CSS_KEYWORDISH = /\A(#[0-9a-fA-F]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|-?\d{0,3}\.?\d{0,10}(cm|r?em|ex|in|mm|pc|pt|px|%|,|\))?)\z/ CRASS_SEMICOLON = {:node => :semicolon, :raw => ";"} class << self diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/instance_methods.rb ruby-loofah-2.4.0+dfsg/lib/loofah/instance_methods.rb --- ruby-loofah-2.3.1+dfsg/lib/loofah/instance_methods.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/lib/loofah/instance_methods.rb 2020-01-03 04:20:34.000000000 +0000 @@ -1,3 +1,4 @@ +# frozen_string_literal: true module Loofah # # Mixes +scrub!+ into Document, DocumentFragment, Node and NodeSet. diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/metahelpers.rb ruby-loofah-2.4.0+dfsg/lib/loofah/metahelpers.rb --- ruby-loofah-2.3.1+dfsg/lib/loofah/metahelpers.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/lib/loofah/metahelpers.rb 2020-01-03 04:20:34.000000000 +0000 
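Review bot: The `r?em` alternative in the rewritten `CSS_KEYWORDISH` (scrub.rb hunk -6,7) reads at a glance like a typo for an optional `r`, and the unit safelist is now buried in a one-line regex with nothing saying what a "keywordish" value is; a comment above the constant would help, e.g. `# A bare CSS value token: hex colour, rgb() call, or a signed decimal (at most 3 integer digits, up to 10 fractional) with an optional length unit; rem added for #176.` Note also that every part of the numeric branch is optional, so a lone `rem` (exactly as a lone `em` already did) or an empty token also matches; that is inherited rather than introduced here, but the next person adding a unit should know it before "fixing" it. If the unit list keeps growing, lifting it into a frozen `%w[...]` constant and building the pattern with `Regexp.union` would keep the intent readable. The constant sits inside `module Scrub`, whose body continues outside the hunk.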
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module Loofah
 module MetaHelpers # :nodoc:
 def self.add_downcased_set_members_to_all_set_constants mojule
diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/scrubber.rb ruby-loofah-2.4.0+dfsg/lib/loofah/scrubber.rb
--- ruby-loofah-2.3.1+dfsg/lib/loofah/scrubber.rb 2019-10-23 05:35:46.000000000 +0000
+++ ruby-loofah-2.4.0+dfsg/lib/loofah/scrubber.rb 2020-01-03 04:20:34.000000000 +0000
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module Loofah
 #
 # A RuntimeError raised when Loofah could not find an appropriate scrubber.
diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/scrubbers.rb ruby-loofah-2.4.0+dfsg/lib/loofah/scrubbers.rb
--- ruby-loofah-2.3.1+dfsg/lib/loofah/scrubbers.rb 2019-10-23 05:35:46.000000000 +0000
+++ ruby-loofah-2.4.0+dfsg/lib/loofah/scrubbers.rb 2020-01-03 04:20:34.000000000 +0000
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module Loofah
 #
 # Loofah provides some built-in scrubbers for sanitizing with
diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/xml/document_fragment.rb ruby-loofah-2.4.0+dfsg/lib/loofah/xml/document_fragment.rb
--- ruby-loofah-2.3.1+dfsg/lib/loofah/xml/document_fragment.rb 2019-10-23 05:35:46.000000000 +0000
+++ ruby-loofah-2.4.0+dfsg/lib/loofah/xml/document_fragment.rb 2020-01-03 04:20:34.000000000 +0000
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module Loofah
 module XML # :nodoc:
 #
diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah/xml/document.rb ruby-loofah-2.4.0+dfsg/lib/loofah/xml/document.rb
--- ruby-loofah-2.3.1+dfsg/lib/loofah/xml/document.rb 2019-10-23 05:35:46.000000000 +0000
+++ ruby-loofah-2.4.0+dfsg/lib/loofah/xml/document.rb 2020-01-03 04:20:34.000000000 +0000
@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module Loofah
 module XML # :nodoc:
 #
diff -Nru ruby-loofah-2.3.1+dfsg/lib/loofah.rb ruby-loofah-2.4.0+dfsg/lib/loofah.rb
--- ruby-loofah-2.3.1+dfsg/lib/loofah.rb 2019-10-23 05:35:46.000000000 +0000
+++ ruby-loofah-2.4.0+dfsg/lib/loofah.rb 2020-01-03 04:20:34.000000000 +0000
@@ -1,3 +1,4 @@ +# frozen_string_literal: true $LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__))) unless $LOAD_PATH.include?(File.expand_path(File.dirname(__FILE__))) require "nokogiri" @@ -28,7 +29,7 @@ # module Loofah # The version of Loofah you are using - VERSION = "2.3.1" + VERSION = "2.4.0" class << self # Shortcut for Loofah::HTML::Document.parse diff -Nru ruby-loofah-2.3.1+dfsg/loofah.gemspec ruby-loofah-2.4.0+dfsg/loofah.gemspec --- ruby-loofah-2.3.1+dfsg/loofah.gemspec 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/loofah.gemspec 2020-01-03 04:20:34.000000000 +0000 
@@ -2,16 +2,17 @@ # This file has been automatically generated by gem2tgz # ######################################################### # -*- encoding: utf-8 -*- -# stub: loofah 2.3.1 ruby lib +# stub: loofah 2.4.0 ruby lib Gem::Specification.new do |s| s.name = "loofah".freeze - s.version = "2.3.1" + s.version = "2.4.0" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= + s.metadata = { "homepage_uri" => "https://github.com/flavorjones/loofah" } if s.respond_to? :metadata= s.require_paths = ["lib".freeze] s.authors = ["Mike Dalessio".freeze, "Bryan Helmkamp".freeze] - s.date = "2019-10-22" + s.date = "2019-11-25" s.description = "Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.\n\nLoofah excels at HTML sanitization (XSS prevention). It includes some nice HTML sanitizers, which are based on HTML5lib's safelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)\n\nActiveRecord extensions for sanitization are available in the [`loofah-activerecord` gem](https://github.com/flavorjones/loofah-activerecord).".freeze s.email = ["mike.dalessio@gmail.com".freeze, "bryan@brynary.com".freeze] s.extra_rdoc_files = ["CHANGELOG.md".freeze, "MIT-LICENSE.txt".freeze, "Manifest.txt".freeze, "README.md".freeze, "SECURITY.md".freeze] @@ -28,7 +29,7 @@ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then s.add_development_dependency(%q.freeze, [">= 0.26.0"]) s.add_runtime_dependency(%q.freeze, ["~> 1.0.2"]) - s.add_development_dependency(%q.freeze, ["~> 3.18"]) + s.add_development_dependency(%q.freeze, ["~> 3.20"]) s.add_development_dependency(%q.freeze, ["~> 1.5"]) s.add_development_dependency(%q.freeze, ["~> 2.0"]) s.add_development_dependency(%q.freeze, ["~> 1.0"]) 
@@ -39,10 +40,11 @@ s.add_development_dependency(%q.freeze, ["~> 12.3"]) s.add_development_dependency(%q.freeze, ["< 7", ">= 4.0"]) s.add_development_dependency(%q.freeze, ["~> 1.2.0"]) + s.add_development_dependency(%q.freeze, [">= 0.76.0"]) else s.add_dependency(%q.freeze, [">= 0.26.0"]) s.add_dependency(%q.freeze, ["~> 1.0.2"]) - s.add_dependency(%q.freeze, ["~> 3.18"]) + s.add_dependency(%q.freeze, ["~> 3.20"]) s.add_dependency(%q.freeze, ["~> 1.5"]) s.add_dependency(%q.freeze, ["~> 2.0"]) s.add_dependency(%q.freeze, ["~> 1.0"]) @@ -53,11 +55,12 @@ s.add_dependency(%q.freeze, ["~> 12.3"]) s.add_dependency(%q.freeze, ["< 7", ">= 4.0"]) s.add_dependency(%q.freeze, ["~> 1.2.0"]) + s.add_dependency(%q.freeze, [">= 0.76.0"]) end else s.add_dependency(%q.freeze, [">= 0.26.0"]) s.add_dependency(%q.freeze, ["~> 1.0.2"]) - s.add_dependency(%q.freeze, ["~> 3.18"]) + s.add_dependency(%q.freeze, ["~> 3.20"]) s.add_dependency(%q.freeze, ["~> 1.5"]) s.add_dependency(%q.freeze, ["~> 2.0"]) s.add_dependency(%q.freeze, ["~> 1.0"]) @@ -68,5 +71,6 @@ s.add_dependency(%q.freeze, ["~> 12.3"]) s.add_dependency(%q.freeze, ["< 7", ">= 4.0"]) s.add_dependency(%q.freeze, ["~> 1.2.0"]) + s.add_dependency(%q.freeze, [">= 0.76.0"]) end end diff -Nru ruby-loofah-2.3.1+dfsg/Rakefile ruby-loofah-2.4.0+dfsg/Rakefile --- ruby-loofah-2.3.1+dfsg/Rakefile 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/Rakefile 2020-01-03 04:20:34.000000000 +0000 @@ -28,6 +28,7 @@ extra_dev_deps << ["hoe-bundler", "~> 1.5"] extra_dev_deps << ["hoe-git", "~> 1.6"] extra_dev_deps << ["concourse", ">=0.26.0"] + extra_dev_deps << ["rubocop", ">=0.76.0"] end task :gemspec do 
@@ -75,6 +76,15 @@ load "tasks/generate-safelists" end +task :rubocop => [:rubocop_security, :rubocop_frozen_string_literals] +task :rubocop_security do + sh "rubocop lib --only Security" +end +task :rubocop_frozen_string_literals do + sh "rubocop lib --auto-correct --only Style/FrozenStringLiteralComment" +end +Rake::Task[:test].prerequisites << :rubocop + Concourse.new("loofah", fly_target: "ci") do |c| c.add_pipeline "loofah", "loofah.yml" c.add_pipeline "loofah-pr", "loofah-pr.yml" diff -Nru ruby-loofah-2.3.1+dfsg/test/html5/test_sanitizer.rb ruby-loofah-2.4.0+dfsg/test/html5/test_sanitizer.rb --- ruby-loofah-2.3.1+dfsg/test/html5/test_sanitizer.rb 2019-10-23 05:35:46.000000000 +0000 +++ ruby-loofah-2.4.0+dfsg/test/html5/test_sanitizer.rb 2020-01-03 04:20:34.000000000 +0000 @@ -294,6 +294,12 @@ assert_match %r/0.3333333334em/, sane.inner_html end + def test_css_rem_value + html = "" + sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml) + assert_match %r/10rem/, sane.inner_html + end + def test_css_function_sanitization_leaves_safelisted_functions_calc html = "" sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :strip).to_html) @@ -326,6 +332,13 @@ assert_match %r/<\/span>/, sane.inner_html end + def test_css_max_width + html = '
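Review bot: `rubocop_frozen_string_literals` runs with `--auto-correct` and is then appended to the prerequisites of `:test`, so a plain `rake test` rewrites files under lib/ instead of reporting a missing magic comment; a check that mutates the working tree is surprising in CI and can hide the omission in the commit under review. Keep the auto-correcting variant as an explicitly invoked task and let the test prerequisite only verify, e.g. `sh "rubocop lib --only Style/FrozenStringLiteralComment"`. `--only Security` deliberately restricts the other task to the Security cops, which is a reasonable gate for this library, but a one-line comment such as `# only the Security cops gate the test run; other cops are not enforced here` would save the next reader from wondering why the default cop set is skipped. The `Concourse.new` block that follows is context and continues outside the hunk.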
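Review bot: `test_css_rem_value` (test_sanitizer.rb hunk -294) asserts only that `10rem` survives the `:escape` scrub, so it pins the accept path but not the boundary the regex change moved; a companion assertion that a value with an unlisted unit (a constructed example: `10vw`) is dropped would catch an alternation that became too permissive. The same applies to `test_css_max_width` in the following hunk (-326), which checks that the property name appears but not that a neighbouring non-safelisted property is removed. The HTML fixtures are not readable on this page (they render as `html = ""`), so what each test feeds in cannot be confirmed here; `assert_match %r/10rem/` would also pass if the token appeared in escaped text rather than in the retained `style` declaration, so matching the full declaration the fixture uses would be more precise.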
' + sane = Nokogiri::HTML(Loofah.scrub_fragment(html, :escape).to_xml) + assert_match %r/max-width/, sane.inner_html + end + + def test_issue_90_slow_regex skip("timing tests are hard to make pass and have little regression-testing value")