diff --git a/CHANGELOG.md b/CHANGELOG.md
index e5d38dac88b..eda1c407b0b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,13 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA
---
+## next / unreleased
+
+### Fixed
+
+* [CRuby] When serializing HTML5 documents, properly escape foreign content "style" elements. Normally, a "style" tag contains raw text that does not need entity-escaping, but when it appears in either SVG or MathML foreign content, the "style" tag is now correctly escaped when serialized. @flavorjones
+
+
## 1.15.6 / 2024-03-16
### Security
diff --git a/ext/nokogiri/xml_node.c b/ext/nokogiri/xml_node.c
index 47ca711fccc..a6a3ff3345e 100644
--- a/ext/nokogiri/xml_node.c
+++ b/ext/nokogiri/xml_node.c
@@ -1853,13 +1853,19 @@ is_one_of(xmlNodePtr node, char const *const *tagnames, size_t num_tagnames)
if (name == NULL) { // fragments don't have a name
return false;
}
+
+ if (node->ns != NULL) {
+ // if the node has a namespace, it's in a foreign context and is not one of the HTML tags we're
+ // matching against.
+ return false;
+ }
+
for (size_t idx = 0; idx < num_tagnames; ++idx) {
if (!strcmp(name, tagnames[idx])) {
return true;
}
}
return false;
-
}
static void
diff --git a/test/html5/test_serialize.rb b/test/html5/test_serialize.rb
index 3961e052c4e..b8cdfa7a4e6 100644
--- a/test/html5/test_serialize.rb
+++ b/test/html5/test_serialize.rb
@@ -553,4 +553,20 @@ def test_serializing_html5_fragment
refute(fragment.send(:prepend_newline?))
assert_equal("
hello
goodbye", fragment.to_html)
end
+
+ describe "foreign content style tag serialization is escaped" do
+ it "with svg parent" do
+ input = %{}
+
+ assert_equal(expected, Nokogiri::HTML5.fragment(input).to_html)
+ end
+
+ it "with math parent" do
+ input = %{}
+
+ assert_equal(expected, Nokogiri::HTML5.fragment(input).to_html)
+ end
+ end
end if Nokogiri.uses_gumbo?