Tweak handling of HTML-comment like tokens inside script bodies.

Author: mikesamuel

src/main/java/org/owasp/html/HtmlStreamRenderer.java

@@ -336,9 +336,9 @@ private static int checkHtmlCdataCloseable(
  break;
  case '>':
  if (i >= 2 && sb.charAt(i - 2) == '-' && sb.charAt(i - 2) == '-') {
- if (innerStart < 0) { return i; }
+ if (innerStart < 0) { return i - 2; }
  // Merged start and end like <!--->
- if (innerStart + 6 >= i) { return i; }
+ if (innerStart + 6 > i) { return innerStart; }
  innerStart = -1;
  }
  break;

src/test/java/org/owasp/html/HtmlStreamRendererTest.java

@@ -237,6 +237,44 @@ public final void testHtml51SemanticsScriptingExample5Part2() throws Exception {
  errors.clear();
  }
 
+ public final void testMoreUnbalancedHtmlCommentsInScripts() throws Exception {
+ String js = "if (x-->y) { ... }\n";
+
+ renderer.openDocument();
+ renderer.openTag("script", ImmutableList.<String>of());
+ renderer.text(js);
+ renderer.closeTag("script");
+ renderer.closeDocument();
+
+ // We could actually allow this since --> is not banned per 4.12.1.3
+ assertEquals(
+ "<script></script>",
+ rendered.toString());
+ assertEquals(
+ "Invalid CDATA text content : -->y) { ..",
+ Joiner.on('\n').join(errors));
+ errors.clear();
+ }
+
+ public final void testShortHtmlCommentInScript() throws Exception {
+ String js = "// <!----> <!--->";
+
+ renderer.openDocument();
+ renderer.openTag("script", ImmutableList.<String>of());
+ renderer.text(js);
+ renderer.closeTag("script");
+ renderer.closeDocument();
+
+ // We could actually allow this since --> is not banned per 4.12.1.3
+ assertEquals(
+ "<script></script>",
+ rendered.toString());
+ assertEquals(
+ "Invalid CDATA text content : <!--->",
+ Joiner.on('\n').join(errors));
+ errors.clear();
+ }
+
  public final void testHtml51SemanticsScriptingExample5Part3() throws Exception {
  String js = "<!-- if ( player<script ) { ... } -->";
 
@@ -281,6 +319,24 @@ public final void testHtml51SemanticsScriptingExample5Part4() throws Exception {
  rendered.toString());
  }
 
+ public final void testHtmlCommentInRcdata() throws Exception {
+ String str = "// <!----> <!---> <!--";
+
+ renderer.openDocument();
+ renderer.openTag("title", ImmutableList.<String>of());
+ renderer.text(str);
+ renderer.closeTag("title");
+ renderer.openTag("textarea", ImmutableList.<String>of());
+ renderer.text(str);
+ renderer.closeTag("textarea");
+ renderer.closeDocument();
+
+ assertEquals(
+ "<title>// &lt;!----&gt; &lt;!---&gt; &lt;!--</title>"
+ + "<textarea>// &lt;!----&gt; &lt;!---&gt; &lt;!--</textarea>",
+ rendered.toString());
+ }
+
  public final void testTagInCdata() throws Exception {
  renderer.openDocument();
  renderer.openTag("script", ImmutableList.<String>of());