
perl-HTML-Scrubber-0.110.0-6.1.mga5.src.rpm

diff -uNr HTML-Scrubber-0.11/lib/HTML/Scrubber.pm HTML-Scrubber-0.11p/lib/HTML/Scrubber.pm
--- HTML-Scrubber-0.11/lib/HTML/Scrubber.pm	2013-10-11 17:12:16.000000000 +0300
+++ HTML-Scrubber-0.11p/lib/HTML/Scrubber.pm	2015-12-12 18:03:09.185180687 +0200
@@ -284,7 +284,10 @@
         }
     }
     elsif ( $e eq 'comment' ) {
-        $outstr .= $text if $s->{_comment};
+        if ( $s->{_comment} ) {
+            # only copy comments through if they are well formed...
+            $outstr .= $text if ( $text =~ m|^<!--.*-->$|ms );
+        }
     }
     elsif ( $e eq 'process' ) {
         $outstr .= $text if $s->{_process};
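Review bot: The well-formedness check on the added `$outstr .= $text if ( $text =~ m|^<!--.*-->$|ms );` line is not anchored to the whole token. Under `/m`, `^` and `$` match at any embedded line boundary, so a multi-line `$text` passes as soon as it contains a span that starts with `<!--` at the beginning of a line and ends with `-->` at the end of a line, whatever surrounds it. Whether the parser can hand such a token to this branch is not visible in the hunk, but since the check is the only gate before the text is copied verbatim into the output, it should use string anchors: `$outstr .= $text if $text =~ m{\A<!--.*-->\z}s;`. A short comment stating that malformed markup can arrive here as a 'comment' event would also explain why the gate exists. The enclosing sub starts and ends outside the hunk.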
diff -uNr HTML-Scrubber-0.11/t/jvn53973084.t HTML-Scrubber-0.11p/t/jvn53973084.t
--- HTML-Scrubber-0.11/t/jvn53973084.t	1970-01-01 03:00:00.000000000 +0300
+++ HTML-Scrubber-0.11p/t/jvn53973084.t	2015-12-12 18:04:45.674233805 +0200
@@ -0,0 +1,21 @@
+# Tests related to JVN53973084
+
+use strict;
+use warnings;
+use Test::More;
+
+use_ok('HTML::Scrubber');
+
+my @allow = qw[
+    hr
+];
+
+my $html_1 = q[<hr><a href="javascript:alert(1)"<hr>abc];
+my $html_2 = q[<img src="javascript:alert(1)"];
+foreach my $comment_value ( 0, 1 ) {
+    my $scrubber = HTML::Scrubber->new( allow => \@allow, comment => $comment_value );
+    is( $scrubber->scrub($html_1), '<hr>abc', "correct result (1) - with comment => $comment_value" );
+    is( $scrubber->scrub($html_2), '',            "correct result (2) - with comment => $comment_value" );
+}
+
+done_testing;
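Review bot: Both inputs in the `foreach my $comment_value ( 0, 1 )` loop are malformed markup that must be dropped, so the test never checks that a well-formed comment still passes through when `comment => 1`. An over-strict or mis-anchored pattern in Scrubber.pm would therefore go unnoticed. Add a positive case, and ideally a multi-line one, for example `is( HTML::Scrubber->new( allow => \@allow, comment => 1 )->scrub("<!-- a\nb -->"), "<!-- a\nb -->", 'well-formed comment kept' );`. Add the matching `comment => 0` assertion expecting `''` as well. A negative case with extra text on the lines around a complete comment would pin the anchoring behaviour.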