diff options
author | Aleksander Machniak <alec@alec.pl> | 2018-06-22 15:16:20 +0300 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2018-06-22 15:16:20 +0300 |
commit | 086e781b8fca06be331bc36eb91ebefe33a24a1c (patch) | |
tree | 3dcddd3446c069d557baad133bb8fadeb253d309 | |
parent | fa5023f8f60f3b07ef2da1907ebc980499107000 (diff) |
Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_washtml.php | 6 | ||||
-rw-r--r-- | tests/Framework/Washtml.php | 5 |
3 files changed, 9 insertions, 3 deletions
@@ -98,6 +98,7 @@ CHANGELOG Roundcube Webmail - Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299) - Fix bug where after "mark all folders as read" action message counters were not reset (#6307) - Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289) +- Fix bug where some HTML comments could have been malformed by HTML parser (#6333) RELEASE 1.3.6 ------------- diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php index fff1f44e8..856027265 100644 --- a/program/lib/Roundcube/rcube_washtml.php +++ b/program/lib/Roundcube/rcube_washtml.php @@ -660,9 +660,9 @@ class rcube_washtml $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html); // Remove invalid HTML comments (#1487759) - // Don't remove valid conditional comments - // Don't remove MSOutlook (<!-->) conditional comments (#1489004) - $html = preg_replace('/<!--[^-<>\[\n]+>/', '', $html); + // Note: We don't want to remove valid comments, conditional comments + // and MSOutlook comments (<!-->) + $html = preg_replace('/<!--[a-zA-Z0-9]+>/', '', $html); // fix broken nested lists self::fix_broken_lists($html); diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php index 397eb718b..9879575a8 100644 --- a/tests/Framework/Washtml.php +++ b/tests/Framework/Washtml.php @@ -93,6 +93,11 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase $washed = $this->cleanupResult($washer->wash($html)); $this->assertEquals('<p>para1</p><p>para2</p>', $washed, "HTML comments - tags inside (#1489904)"); + + $html = "<p>para1</p><!-- comment => comment --><p>para2</p>"; + $washed = $this->cleanupResult($washer->wash($html)); + + $this->assertEquals('<p>para1</p><p>para2</p>', $washed, "HTML comments - bracket inside"); } /** |