From 1d4a38d0553c9d9beb10cdd1df3f7a757d7f21b1 Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Tue, 28 Sep 2010 12:11:26 -0400
Subject: [PATCH] Escape CDATA before handling conditional comments.

Signed-off-by: Edward Z. Yang
---
 NEWS                           | 1 +
 library/HTMLPurifier/Lexer.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 53cfe242..d918c053 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
 ! Added %HTML.Nofollow to add rel="nofollow" to external links.
 - Make removal of conditional IE comments ungreedy; thanks Bernd for reporting.
+- Escape CDATA before removing Internet Explorer comments.
 
 4.2.0, released 2010-09-15
 ! Added %Core.RemoveProcessingInstructions, which lets you remove
diff --git a/library/HTMLPurifier/Lexer.php b/library/HTMLPurifier/Lexer.php
index bf800c86..9bdbbbb2 100644
--- a/library/HTMLPurifier/Lexer.php
+++ b/library/HTMLPurifier/Lexer.php
@@ -273,11 +273,11 @@ class HTMLPurifier_Lexer
             $html = $this->escapeCommentedCDATA($html);
         }
 
-        $html = $this->removeIEConditional($html);
-
         // escape CDATA
         $html = $this->escapeCDATA($html);
 
+        $html = $this->removeIEConditional($html);
+
         // extract body from document if applicable
         if ($config->get('Core.ConvertDocumentToFragment')) {
             $e = false;
-- 
2.11.4.GIT
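Review bot: The moved line `$html = $this->removeIEConditional($html);` now depends on running after `escapeCDATA`, but nothing in the code records that dependency; the only statement of it is the commit subject, so a later tidy-up could swap the two passes back without any test noticing. A why-comment on the added line would fix that, e.g. `// must run after escapeCDATA so that conditional-comment syntax inside a CDATA section is already escaped text when this pass strips IE comments` (adjust if the intent differs). The commit also adds no lexer test for an input that mixes a CDATA section with `<!--[if` syntax, which is what would pin the order; in a sanitizer, the relative order of escaping and stripping passes is exactly the kind of invariant a regression test should hold. The enclosing method starts and ends outside the hunk, so whether `escapeCommentedCDATA` on the first context line has the same ordering constraint cannot be judged from here.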