Permalink
Browse files

Fixed HTML::Tokenizer (used in sanitize helper) didnt handle unclosed…

… CDATA tags (closes #10071) [esad, packagethief]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9111 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
dhh committed Mar 28, 2008
1 parent bdd8881 commit c57254d44930f43ccf300e8906bd46bd5aaf8ed3
View
@@ -1,5 +1,7 @@
*SVN*
* Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags #10071 [esad, packagethief]
* Improve documentation. [Radar, Jan De Poorter, chuyeow, xaviershay, danger, miloops, Xavier Noria, Sunny Ripert]
* Fixed that FormHelper#radio_button would produce invalid ids #11298 [harlancrystal]
@@ -54,7 +54,7 @@ def scan_tag
tag << (@scanner.scan_until(/--\s*>/) || @scanner.scan_until(/\Z/))
elsif @scanner.scan(/!\[CDATA\[/)
tag << @scanner.matched
tag << @scanner.scan_until(/\]\]>/)
tag << (@scanner.scan_until(/\]\]>/) || @scanner.scan_until(/\Z/))
elsif @scanner.scan(/!/) # doctype
tag << @scanner.matched
tag << consume_quoted_regions
@@ -78,6 +78,13 @@ def test_cdata_tag
assert_end
end
def test_unterminated_cdata_tag
tokenize %{<content:encoded><![CDATA[ neverending...}
assert_next %{<content:encoded>}
assert_next %{<![CDATA[ neverending...}
assert_end
end
def test_less_than_with_space
tokenize %{original < hello > world}
assert_next %{original }

0 comments on commit c57254d

Please sign in to comment.