From f8a4c92b978af900fa3338205d7c2e39bcd40825 Mon Sep 17 00:00:00 2001
From: Kevin
Date: Thu, 15 Aug 2019 12:00:40 +0100
Subject: [PATCH 1/6] issue #88: Prevent infinite looping on empty/short HTML comment
---
 src/StripTags.php | 2 +-
 test/StripTagsTest.php | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/StripTags.php b/src/StripTags.php
index 9ff89073..a5a9c673 100644
--- a/src/StripTags.php
+++ b/src/StripTags.php
@@ -188,7 +188,7 @@ public function filter($value)
 if (! preg_match('/--\s*>/s', $value)) {
 $value = '';
 } else {
- $value = preg_replace('/<(?:!(?:--[\s\S]*?--\s*)?(>))/s', '', $value);
+ $value = preg_replace('/<(?:!(?:---?(?:[\s\S]*?--)?\s*)?>)/s', '', $value);
 }
 $value = $start . $value;
diff --git a/test/StripTagsTest.php b/test/StripTagsTest.php
index 665372c7..972856d9 100644
--- a/test/StripTagsTest.php
+++ b/test/StripTagsTest.php
@@ -511,6 +511,25 @@ public function testMultiQuoteInput()
 $this->assertEquals($expected, $filter->filter($input));
 }
+ public function testEmptyCommentTags()
+ {
+ $input = 'Bad comment';
+ $expected = 'Bad comment';
+ $this->assertEquals($expected, $this->_filter->filter($input));
+
+ $input = 'Bad comment';
+ $expected = 'Bad comment';
+ $this->assertEquals($expected, $this->_filter->filter($input));
+
+ $input = 'Bad comment';
+ $expected = 'Bad comment';
+ $this->assertEquals($expected, $this->_filter->filter($input));
+
+ $input = 'Bad comment';
+ $expected = 'Bad comment';
+ $this->assertEquals($expected, $this->_filter->filter($input));
+ }
+
 /**
 * @group ZF-10256
 */
From 2ecd9326ffd16fca45d7635f8300c30004c02af2 Mon Sep 17 00:00:00 2001
From: Kevin
Date: Thu, 15 Aug 2019 14:38:53 +0100
Subject: [PATCH 2/6] #88: Unit tests to use a dataProvider
---
 test/StripTagsTest.php | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/test/StripTagsTest.php b/test/StripTagsTest.php
index 972856d9..167c457b 100644
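Review bot: In the src/StripTags.php hunk of patch 1/6, loop termination still depends on the new pattern removing something every time the `preg_match('/--\s*>/s', $value)` guard passes, and nothing in the else branch checks that it did. A guard that does not depend on the pattern is to pass the count argument, `$value = preg_replace($pattern, '', $value, -1, $count);` with `$pattern` standing for the unchanged pattern, and to fall back to the existing strip-everything result with `if (! $count) { $value = ''; }`. That fallback should also cover `preg_replace` returning `null` on a PCRE error, which the hunk currently concatenates onto `$start` without comment. The loop header lies outside the hunk, so the looping behaviour is taken from the commit subject and the `$value = $start . $value;` context line.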
--- a/test/StripTagsTest.php
+++ b/test/StripTagsTest.php
@@ -511,22 +511,24 @@ public function testMultiQuoteInput()
 $this->assertEquals($expected, $filter->filter($input));
 }
- public function testEmptyCommentTags()
+ public function badCommentProvider()
 {
- $input = 'Bad comment';
- $expected = 'Bad comment';
- $this->assertEquals($expected, $this->_filter->filter($input));
-
- $input = 'Bad comment';
- $expected = 'Bad comment';
- $this->assertEquals($expected, $this->_filter->filter($input));
-
- $input = 'Bad comment';
- $expected = 'Bad comment';
- $this->assertEquals($expected, $this->_filter->filter($input));
+ return [
+ ['Bad comment', 'Bad comment'],
+ ['Bad comment', 'Bad comment'],
+ ['Bad comment', 'Bad comment'],
+ ['Bad comment', 'Bad comment'],
+ ];
+ }
- $input = 'Bad comment';
- $expected = 'Bad comment';
+ /**
+ * @dataProvider badCommentProvider
+ *
+ * @param string $input
+ * @param string $expected
+ */
+ public function testBadCommentTags($input, $expected)
+ {
 $this->assertEquals($expected, $this->_filter->filter($input));
 }
From 759446f2d374b1206cd577419f5a029d9497a889 Mon Sep 17 00:00:00 2001
From: Kevin
Date: Thu, 15 Aug 2019 15:53:59 +0100
Subject: [PATCH 3/6] #88: refactored loop that strips comments for better standards compliance
---
 src/StripTags.php | 21 ++++++++++-----------
 test/StripTagsTest.php | 9 +++++----
 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/src/StripTags.php b/src/StripTags.php
index a5a9c673..a17a37f4 100644
--- a/src/StripTags.php
+++ b/src/StripTags.php
@@ -179,19 +179,18 @@ public function filter($value) $value = (string) $value; // Strip HTML comments first - while (strpos($value, ''; + $commentCloseLen = strlen($commentClose); + while (($start = strpos($value, $commentOpen)) !== false) { + $end = strpos($value, $commentClose, $start + $commentOpenLen); + + if ($end === false) { + $value = substr($value, 0, $start); } else { - $value = preg_replace('/<(?:!(?:---?(?:[\s\S]*?--)?\s*)?>)/s', '', $value); + $value = substr($value, 0, $start) . substr($value, $end + $commentCloseLen); } - - $value = $start . $value; } // Initialize accumulator for filtered data diff --git a/test/StripTagsTest.php b/test/StripTagsTest.php index 167c457b..d292be78 100644 --- a/test/StripTagsTest.php +++ b/test/StripTagsTest.php @@ -514,10 +514,11 @@ public function testMultiQuoteInput() public function badCommentProvider() { return [ - ['Bad comment', 'Bad comment'], - ['Bad comment', 'Bad comment'], - ['Bad comment', 'Bad comment'], - ['Bad comment', 'Bad comment'], + ['A B', 'A '], // Should be treated as just an open + ['A B', 'A '], // Should be treated as just an open + ['A B', 'A B'], + ['A B', 'A B'], + ['A B', 'A B'], ]; } From 4ddfd2fa11c195965d1aec086ffd431e752c94c6 Mon Sep 17 00:00:00 2001 From: Kevin Date: Thu, 15 Aug 2019 16:03:02 +0100 Subject: [PATCH 4/6] #88: code tidy --- src/StripTags.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/StripTags.php b/src/StripTags.php index a17a37f4..df2f2053 100644 --- a/src/StripTags.php +++ b/src/StripTags.php 
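Review bot: Two behaviours of the new comment-stripping loop in src/StripTags.php matter for a filter of untrusted markup and are not documented in the hunk: when no close delimiter follows an opener, `$value = substr($value, 0, $start);` discards everything from the opener to the end of the input, and because `strpos($value, $commentOpen)` restarts at offset 0 after every removal, an opener formed by joining the text on either side of a removed comment is still found. Both fail closed, but the second is easy to lose if someone later adds a search offset to avoid rescanning. I would put `// Rescan from offset 0: joining the two sides of a removed comment can form a new opener.` above the `while` and `// Unterminated comment: drop the rest of the input instead of emitting it.` on the `$end === false` branch. The assignments that define `$commentOpen` and `$commentClose` are not legible in this copy of the hunk, and `filter()` continues past its last line.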
@@ -179,17 +179,17 @@ public function filter($value)
 $value = (string) $value;
 // Strip HTML comments first
- $commentOpen = '';
- $commentCloseLen = strlen($commentClose);
- while (($start = strpos($value, $commentOpen)) !== false) {
- $end = strpos($value, $commentClose, $start + $commentOpenLen);
+ $open = '';
+ $closeLen = strlen($close);
+ while (($start = strpos($value, $open)) !== false) {
+ $end = strpos($value, $close, $start + $openLen);
 if ($end === false) {
 $value = substr($value, 0, $start);
 } else {
- $value = substr($value, 0, $start) . substr($value, $end + $commentCloseLen);
+ $value = substr($value, 0, $start) . substr($value, $end + $closeLen);
 }
 }
From 1653fab512772c2ba73cacac6f3791f0226b1d01 Mon Sep 17 00:00:00 2001
From: Kevin
Date: Fri, 16 Aug 2019 11:32:22 +0100
Subject: [PATCH 5/6] #88: Extra HTML comment tests
---
 test/StripTagsTest.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/test/StripTagsTest.php b/test/StripTagsTest.php
index d292be78..f794b8e5 100644
--- a/test/StripTagsTest.php
+++ b/test/StripTagsTest.php
@@ -518,6 +518,12 @@ public function badCommentProvider()
 ['A B', 'A '], // Should be treated as just an open
 ['A B', 'A B'],
 ['A B', 'A B'],
+ ['A B C', 'A C'],
+ ['A ', 'A '],
+ ["A ", 'A '],
+ ["A E", 'A E'],
+ ['A D --> E', 'A D -- E'],
+ ["A E", 'A E'],
 ['A B', 'A B'],
 ];
From 0ce8431051a58ba183718bc9696b416f61e7bc3c Mon Sep 17 00:00:00 2001
From: Kevin
Date: Fri, 16 Aug 2019 11:42:14 +0100
Subject: [PATCH 6/6] #88: HTML comment test improvements
---
 test/StripTagsTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/StripTagsTest.php b/test/StripTagsTest.php
index f794b8e5..fd341362 100644
--- a/test/StripTagsTest.php
+++ b/test/StripTagsTest.php
@@ -519,8 +519,8 @@ public function badCommentProvider()
 ['A B', 'A B'],
 ['A B', 'A B'],
 ['A B C', 'A C'],
- ['A ', 'A '],
- ["A ", 'A '],
+ ['A B', 'A B'],
+ ["A E", 'A E'],
 ["A E", 'A E'],
 ['A D --> E', 'A D -- E'],
 ["A E", 'A E'],