fix: Ignore conditional comments (#401)

2024-09-16 17:35:19 +00:00 · 2024-03-12 22:41:45 -05:00 · 2024-03-12 22:41:45 -05:00 · 4828fdf45a
commit 4828fdf45a
parent 9ca5a3687b
2 changed files with 18 additions and 34 deletions
--- a/library/HTMLPurifier/Lexer.php
+++ b/library/HTMLPurifier/Lexer.php
@ -269,20 +269,6 @@ class HTMLPurifier_Lexer
        );
    }

-    /**
-     * Special Internet Explorer conditional comments should be removed.
-     * @param string $string HTML string to process.
-     * @return string HTML with conditional comments removed.
-     */
-    protected static function removeIEConditional($string)
-    {
-        return preg_replace(
-            '#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
-            '',
-            $string
-        );
-    }
-
    /**
     * Callback function for escapeCDATA() that does the work.
     *
@ -323,8 +309,6 @@ class HTMLPurifier_Lexer
        // escape CDATA
        $html = $this->escapeCDATA($html);

-        $html = $this->removeIEConditional($html);
-
        // extract body from document if applicable
        if ($config->get('Core.ConvertDocumentToFragment')) {
            $e = false;
--- a/tests/HTMLPurifier/LexerTest.php
+++ b/tests/HTMLPurifier/LexerTest.php
@ -380,6 +380,24 @@ class HTMLPurifier_LexerTest extends HTMLPurifier_Harness
        );
    }

+    /**
+     * Conditional comments are not supported by HTMLPurifier, but we
+     * should make sure they don't break the lexer.
+     */
+    public function test_tokenizeHTML_conditionalComments()
+    {
+        $this->assertTokenization(
+            '<!--[if mso]>A<![endif]-->B<!--[if !mso]><!---->C<!-- <![endif]-->',
+            array(
+                new HTMLPurifier_Token_Comment('[if mso]>A<![endif]'),
+                new HTMLPurifier_Token_Text("B"),
+                new HTMLPurifier_Token_Comment('[if !mso]><!--'),
+                new HTMLPurifier_Token_Text("C"),
+                new HTMLPurifier_Token_Comment(' <![endif]'),
+            )
+        );
+    }
+
    public function test_tokenizeHTML_unterminatedTag()
    {
        $this->assertTokenization(
@ -785,14 +803,6 @@ div {}
        );
    }

-    public function test_tokenizeHTML_ignoreIECondComment()
-    {
-        $this->assertTokenization(
-            '<!--[if IE]>foo<a>bar<!-- baz --><![endif]-->',
-            array()
-        );
-    }
-
    public function test_tokenizeHTML_removeProcessingInstruction()
    {
        $this->config->set('Core.RemoveProcessingInstructions', true);
@ -824,16 +834,6 @@ div {}
        );
     }

-    public function test_tokenizeHTML_conditionalCommentUngreedy()
-    {
-        $this->assertTokenization(
-            '<!--[if gte mso 9]>a<![endif]-->b<!--[if gte mso 9]>c<![endif]-->',
-            array(
-                new HTMLPurifier_Token_Text("b")
-            )
-        );
-    }
-
    public function test_tokenizeHTML_imgTag()
    {
        $start = array(