Commit af12c395 authored by catch's avatar catch
Browse files

Issue #998590 by das-peter: Fixed Prevent double CDATA section escaping in...

Issue #998590 by das-peter: Fixed Prevent double CDATA section escaping in filter_dom_serialize_escape_cdata_element() to avoid warnings.
parent f73b43ff
......@@ -1107,8 +1107,15 @@ function filter_dom_serialize_escape_cdata_element($dom_document, $dom_element,
// See drupal_get_js(). This code is more or less duplicated there.
$embed_prefix = "\n<!--{$comment_start}--><![CDATA[{$comment_start} ><!--{$comment_end}\n";
$embed_suffix = "\n{$comment_start}--><!]]>{$comment_end}\n";
// Prevent invalid cdata escaping as this would throw a DOM error.
// This is the same behaviour as found in libxml2.
// Related W3C standard: http://www.w3.org/TR/REC-xml/#dt-cdsection
// Fix explanation: http://en.wikipedia.org/wiki/CDATA#Nesting
$data = str_replace(']]>', ']]]]><![CDATA[>', $node->data);
$fragment = $dom_document->createDocumentFragment();
$fragment->appendXML($embed_prefix . $node->data . $embed_suffix);
$fragment->appendXML($embed_prefix . $data . $embed_suffix);
$dom_element->appendChild($fragment);
$dom_element->removeChild($node);
}
......
......@@ -1637,6 +1637,79 @@ alert("test")
/* Styling */ body {color:red}
/*--><!]]>*/
</style></p>', t('HTML corrector -- CDATA added to a style element.'));
$filtered_data = _filter_htmlcorrector('<p><style>
/*<![CDATA[*/
/* Styling */
body {color:red}
/*]]>*/
</style></p>');
$this->assertEqual($filtered_data, '<p><style>
<!--/*--><![CDATA[/* ><!--*/
/*<![CDATA[*/
/* Styling */
body {color:red}
/*]]]]><![CDATA[>*/
/*--><!]]>*/
</style></p>',
t('HTML corrector -- Existing cdata section @pattern_name properly escaped', array('@pattern_name' => '/*<![CDATA[*/'))
);
$filtered_data = _filter_htmlcorrector('<p><style>
<!--/*--><![CDATA[/* ><!--*/
/* Styling */
body {color:red}
/*--><!]]>*/
</style></p>');
$this->assertEqual($filtered_data, '<p><style>
<!--/*--><![CDATA[/* ><!--*/
<!--/*--><![CDATA[/* ><!--*/
/* Styling */
body {color:red}
/*--><!]]]]><![CDATA[>*/
/*--><!]]>*/
</style></p>',
t('HTML corrector -- Existing cdata section @pattern_name properly escaped', array('@pattern_name' => '<!--/*--><![CDATA[/* ><!--*/'))
);
$filtered_data = _filter_htmlcorrector('<p><script type="text/javascript">
<!--//--><![CDATA[// ><!--
alert("test");
//--><!]]>
</script></p>');
$this->assertEqual($filtered_data, '<p><script type="text/javascript">
<!--//--><![CDATA[// ><!--
<!--//--><![CDATA[// ><!--
alert("test");
//--><!]]]]><![CDATA[>
//--><!]]>
</script></p>',
t('HTML corrector -- Existing cdata section @pattern_name properly escaped', array('@pattern_name' => '<!--//--><![CDATA[// ><!--'))
);
$filtered_data = _filter_htmlcorrector('<p><script type="text/javascript">
// <![CDATA[
alert("test");
// ]]>
</script></p>');
$this->assertEqual($filtered_data, '<p><script type="text/javascript">
<!--//--><![CDATA[// ><!--
// <![CDATA[
alert("test");
// ]]]]><![CDATA[>
//--><!]]>
</script></p>',
t('HTML corrector -- Existing cdata section @pattern_name properly escaped', array('@pattern_name' => '// <![CDATA['))
);
}
/**
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment