Make IE conditional comment matching ungreedy.

Signed-off-by: Edward Z. Yang <[email protected]>
jeisc · Sep 28, 2010 · d848c99 · d848c99
1 parent 882ffed
commit d848c99
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 8 deletions.
diff --git a/NEWS b/NEWS
@@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
     . Internal change
 ==========================
 
+4.2.1, unknown release date
+- Make removal of conditional IE comments ungreedy; thanks Bernd
+  for reporting.
+
 4.2.0, released 2010-09-15
 ! Added %Core.RemoveProcessingInstructions, which lets you remove
   <? ... ?> statements.

diff --git a/library/HTMLPurifier/Lexer.php b/library/HTMLPurifier/Lexer.php
@@ -235,7 +235,7 @@ protected static function escapeCommentedCDATA($string) {
      */
     protected static function removeIEConditional($string) {
         return preg_replace(
-            '#<!--\[if [^>]+\]>.*<!\[endif\]-->#si', // probably should generalize for all strings
+            '#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
             '',
             $string
         );

diff --git a/tests/HTMLPurifier/LexerTest.php b/tests/HTMLPurifier/LexerTest.php
@@ -727,21 +727,33 @@ function test_tokenizeHTML_removeProcessingInstruction() {
 
    function test_tokenizeHTML_removeNewline() {
         $this->config->set('Core.NormalizeNewlines', true);
-        $input = "plain\rtext\r\n";
-        $expect = array(
-            new HTMLPurifier_Token_Text("plain\ntext\n")
+        $this->assertTokenization(
+            "plain\rtext\r\n",
+            array(
+                new HTMLPurifier_Token_Text("plain\ntext\n")
+            )
         );
    }
 
    function test_tokenizeHTML_noRemoveNewline() {
         $this->config->set('Core.NormalizeNewlines', false);
-        $input = "plain\rtext\r\n";
-        $expect = array(
-            new HTMLPurifier_Token_Text("plain\rtext\r\n")
+        $this->assertTokenization(
+            "plain\rtext\r\n",
+            array(
+                new HTMLPurifier_Token_Text("plain\rtext\r\n")
+            )
         );
-        $this->assertTokenization($input, $expect);
      }
 
+    function test_tokenizeHTML_conditionalCommentUngreedy() {
+        $this->assertTokenization(
+            '<!--[if gte mso 9]>a<![endif]-->b<!--[if gte mso 9]>c<![endif]-->',
+            array(
+                new HTMLPurifier_Token_Text("b")
+            )
+        );
+    }
+
 
     /*