Escape CDATA before handling conditional comments.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2024-11-09 15:28:40 +00:00 · 2010-09-28 12:11:26 -04:00 · 2010-09-28 12:11:26 -04:00 · 1d4a38d055
commit 1d4a38d055
parent 8c80349f9d
2 changed files with 3 additions and 2 deletions
--- a/1
+++ b/1
@ -13,6 +13,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ! Added %HTML.Nofollow to add rel="nofollow" to external links.
 - Make removal of conditional IE comments ungreedy; thanks Bernd
  for reporting.
+- Escape CDATA before removing Internet Explorer comments.

 4.2.0, released 2010-09-15
 ! Added %Core.RemoveProcessingInstructions, which lets you remove
--- a/library/HTMLPurifier/Lexer.php
+++ b/library/HTMLPurifier/Lexer.php
@ -273,11 +273,11 @@ class HTMLPurifier_Lexer
            $html = $this->escapeCommentedCDATA($html);
        }

-        $html = $this->removeIEConditional($html);
-
        // escape CDATA
        $html = $this->escapeCDATA($html);

+        $html = $this->removeIEConditional($html);
+
        // extract body from document if applicable
        if ($config->get('Core.ConvertDocumentToFragment')) {
            $e = false;