From 4828fdf45a93eeeacfcbcc855f96f9a7e6b4ed44 Mon Sep 17 00:00:00 2001 From: Kent Oyer Date: Tue, 12 Mar 2024 22:41:45 -0500 Subject: [PATCH] fix: Ignore conditional comments (#401) --- library/HTMLPurifier/Lexer.php | 16 -------------- tests/HTMLPurifier/LexerTest.php | 36 ++++++++++++++++---------------- 2 files changed, 18 insertions(+), 34 deletions(-) diff --git a/library/HTMLPurifier/Lexer.php b/library/HTMLPurifier/Lexer.php index 1f552a17..fe87fa4b 100644 --- a/library/HTMLPurifier/Lexer.php +++ b/library/HTMLPurifier/Lexer.php @@ -269,20 +269,6 @@ class HTMLPurifier_Lexer ); } - /** - * Special Internet Explorer conditional comments should be removed. - * @param string $string HTML string to process. - * @return string HTML with conditional comments removed. - */ - protected static function removeIEConditional($string) - { - return preg_replace( - '##si', // probably should generalize for all strings - '', - $string - ); - } - /** * Callback function for escapeCDATA() that does the work. * @@ -323,8 +309,6 @@ class HTMLPurifier_Lexer // escape CDATA $html = $this->escapeCDATA($html); - $html = $this->removeIEConditional($html); - // extract body from document if applicable if ($config->get('Core.ConvertDocumentToFragment')) { $e = false; diff --git a/tests/HTMLPurifier/LexerTest.php b/tests/HTMLPurifier/LexerTest.php index 12b46dd4..2db6285f 100644 --- a/tests/HTMLPurifier/LexerTest.php +++ b/tests/HTMLPurifier/LexerTest.php @@ -380,6 +380,24 @@ class HTMLPurifier_LexerTest extends HTMLPurifier_Harness ); } + /** + * Conditional comments are not supported by HTMLPurifier, but we + * should make sure they don't break the lexer. + */ + public function test_tokenizeHTML_conditionalComments() + { + $this->assertTokenization( + 'BC', + array( + new HTMLPurifier_Token_Comment('[if mso]>A', - array() - ); - } - public function test_tokenizeHTML_removeProcessingInstruction() { $this->config->set('Core.RemoveProcessingInstructions', true); 
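Review bot: `test_tokenizeHTML_conditionalComments` pins only what the lexer emits, a `HTMLPurifier_Token_Comment` whose data starts with `[if mso]>`, and asserts nothing about what `purify()` finally outputs. With `removeIEConditional()` gone from the normalization path in Lexer.php, the body of a conditional comment is no longer stripped before lexing, so whether it reaches the output presumably now rests entirely on downstream comment handling (for example `HTML.AllowedComments` / `HTML.AllowedCommentsRegexp`); that matters because clients that honour conditional comments parse that body as markup. I would add an end-to-end assertion that the default configuration still drops such a comment, and extend the docblock with `Conditional comments are lexed as ordinary comments; comment filtering decides whether they are kept.` The expected-token array is cut short in this view, so the rest of the test could not be checked.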
@@ -824,16 +834,6 @@ div {}
 );
 }
 
- public function test_tokenizeHTML_conditionalCommentUngreedy()
- {
- $this->assertTokenization(
- 'b',
- array(
- new HTMLPurifier_Token_Text("b")
- )
- );
- }
-
 public function test_tokenizeHTML_imgTag()
 {
 $start = array(