From 086e781b8fca06be331bc36eb91ebefe33a24a1c Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 22 Jun 2018 14:16:20 +0200
Subject: Fix bug where some HTML comments could have been malformed by HTML
 parser (#6333)

---
 CHANGELOG                               | 1 +
 program/lib/Roundcube/rcube_washtml.php | 6 +++---
 tests/Framework/Washtml.php             | 5 +++++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 0374c3685..68fa8b349 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -98,6 +98,7 @@ CHANGELOG Roundcube Webmail
 - Fix bug where unicode contact names could have been broken/emptied or caused DB errors (#6299)
 - Fix bug where after "mark all folders as read" action message counters were not reset (#6307)
 - Enigma: [EFAIL] Don't decrypt PGP messages with no MDC protection (#6289)
+- Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
 
 RELEASE 1.3.6
 -------------
diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
index fff1f44e8..856027265 100644
--- a/program/lib/Roundcube/rcube_washtml.php
+++ b/program/lib/Roundcube/rcube_washtml.php
@@ -660,9 +660,9 @@ class rcube_washtml
         $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html);
 
         // Remove invalid HTML comments (#1487759)
-        // Don't remove valid conditional comments
-        // Don't remove MSOutlook (<!-->) conditional comments (#1489004)
-        $html = preg_replace('/<!--[^-<>\[\n]+>/', '', $html);
+        // Note: We don't want to remove valid comments, conditional comments
+        // and MSOutlook comments (<!-->)
+        $html = preg_replace('/<!--[a-zA-Z0-9]+>/', '', $html);
 
         // fix broken nested lists
         self::fix_broken_lists($html);
diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
index 397eb718b..9879575a8 100644
--- a/tests/Framework/Washtml.php
+++ b/tests/Framework/Washtml.php
@@ -93,6 +93,11 @@ class Framework_Washtml extends PHPUnit_Framework_TestCase
         $washed = $this->cleanupResult($washer->wash($html));
 
         $this->assertEquals('<p>para1</p><p>para2</p>', $washed, "HTML comments - tags inside (#1489904)");
+
+        $html   = "<p>para1</p><!-- comment => comment --><p>para2</p>";
+        $washed = $this->cleanupResult($washer->wash($html));
+
+        $this->assertEquals('<p>para1</p><p>para2</p>', $washed, "HTML comments - bracket inside");
     }
 
     /**
-- 
cgit v1.2.3