Fix bug where valid content between HTML comments could have been ski…

…pped in some cases (#6464)
roundcube · Sep 27, 2018 · 0a0ac04 · 0a0ac04
1 parent c1e8bd7
commit 0a0ac04
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 1 deletion.
diff --git a/CHANGELOG b/CHANGELOG
@@ -21,6 +21,7 @@ CHANGELOG Roundcube Webmail
 - Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
 - New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
 - Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
+- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
 
 RELEASE 1.4-beta
 ----------------

diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php
@@ -643,6 +643,9 @@ private function cleanup($html)
 
         $html = str_replace($badwordchars, $fixedwordchars, $html);
 
+        // FIXME: HTML comments handling could be better. The code below can break comments (#6464),
+        //        we should probably do not modify content inside comments at all.
+
         // fix (unknown/malformed) HTML tags before "wash"
         $html = preg_replace_callback('/(<(?!\!)[\/]*)([^\s>]+)([^>]*)/', array($this, 'html_tag_callback'), $html);
 
@@ -665,9 +668,15 @@ private function cleanup($html)
      */
     public static function html_tag_callback($matches)
     {
+        // It might be an ending of a comment, ignore (#6464)
+        if (substr($matches[3], -2) == '--') {
+            $matches[0] = '';
+            return implode('', $matches);
+        }
+
         $tagname = $matches[2];
         $tagname = preg_replace(array(
-            '/:.*$/',               // Microsoft's Smart Tags <st1:xxxx>
+            '/:.*$/',                // Microsoft's Smart Tags <st1:xxxx>
             '/[^a-z0-9_\[\]\!?-]/i', // forbidden characters
         ), '', $tagname);
 

diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php
@@ -98,6 +98,11 @@ function test_comments()
         $washed = $this->cleanupResult($washer->wash($html));
 
         $this->assertEquals('<p>para1</p><p>para2</p>', $washed, "HTML comments - bracket inside");
+
+        $html   = "<p><!-- span>1</span -->\n<span>2</span>\n<!-- >3</span --><span>4</span></p>";
+        $washed = $this->cleanupResult($washer->wash($html));
+
+        $this->assertEquals("<p>\n<span>2</span>\n<span>4</span></p>", $washed, "HTML comments (#6464)");
     }
 
     /**