From 33afd7d9e050121593d81a8a150bf2b4f5a49f8a Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Fri, 18 Jun 2010 06:08:54 -0700
Subject: [PATCH] Fix improper handling of IE conditional comments.
Signed-off-by: Edward Z. Yang
---
NEWS | 4 ++++
library/HTMLPurifier/Lexer.php | 13 +++++++++++++
tests/HTMLPurifier/HTMLT/double-youtube.htmlt | 6 ++++++
tests/HTMLPurifier/LexerTest.php | 7 +++++++
4 files changed, 30 insertions(+)
create mode 100644 tests/HTMLPurifier/HTMLT/double-youtube.htmlt
diff --git a/NEWS b/NEWS
index 72f59b40..f08163d0 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,10 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier . Internal change ========================== +4.1.2, unknown release date +- Fix improper handling of Internet Explorer conditional comments + by parser. Thanks zmonteca for reporting. + 4.1.1, released 2010-05-31 - Fix undefined index warnings in maintenance scripts. - Fix bug in DirectLex for parsing elements with a single attribute
diff --git a/library/HTMLPurifier/Lexer.php b/library/HTMLPurifier/Lexer.php
index b05e1154..e3522009 100644
--- a/library/HTMLPurifier/Lexer.php
+++ b/library/HTMLPurifier/Lexer.php
@@ -231,6 +231,17 @@ class HTMLPurifier_Lexer } /** + * Special Internet Explorer conditional comments should be removed. + */ + protected static function removeIEConditional($string) { + return preg_replace( + '##si', // probably should generalize for all strings + '', + $string + ); + } + + /** + * Callback function for escapeCDATA() that does the work. * * @warning Though this is public in order to let the callback happen,
@@ -260,6 +271,8 @@ class HTMLPurifier_Lexer $html = $this->escapeCommentedCDATA($html); } + $html = $this->removeIEConditional($html); + // escape CDATA $html = $this->escapeCDATA($html);
diff --git a/tests/HTMLPurifier/HTMLT/double-youtube.htmlt b/tests/HTMLPurifier/HTMLT/double-youtube.htmlt
new file mode 100644
index 00000000..dd22b18b
--- /dev/null
+++ b/tests/HTMLPurifier/HTMLT/double-youtube.htmlt
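Review bot: `removeIEConditional()` in library/HTMLPurifier/Lexer.php returns the result of `preg_replace()` unchecked, and the call added in the second Lexer.php hunk assigns it straight back to `$html`. `preg_replace()` returns `null` when PCRE fails (for example on an exhausted backtrack limit), so a large document would silently reach the rest of normalization as an empty value; decide that outcome explicitly, e.g. `$out = preg_replace(...); return $out === null ? $string : $out;`, or report the error if dropping the input is the intended behaviour. The pattern literal is not legible in this rendering (`'##si'`), so its greediness cannot be checked here; since the replacement runs once, a test asserting that no conditional-comment opener remains in the returned string for nested or overlapping markers would pin that down. The docblock should also gain `@param string $string` and `@return string`, and the inline remark "probably should generalize for all strings" should state which generalization is meant.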
@@ -0,0 +1,6 @@
+--INI--
+HTML.SafeObject = true
+Output.FlashCompat = true
+--HTML--
+
+--# vim: et sw=4 sts=4
diff --git a/tests/HTMLPurifier/LexerTest.php b/tests/HTMLPurifier/LexerTest.php
index 8652c404..e6b0e0fb 100644
--- a/tests/HTMLPurifier/LexerTest.php
+++ b/tests/HTMLPurifier/LexerTest.php
@@ -710,6 +710,13 @@ div {} ); } + function test_tokenizeHTML_ignoreIECondComment() { + $this->assertTokenization( + '', + array() + ); + } + /* function test_tokenizeHTML_() {
-- 2.11.4.GIT
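Review bot: `test_tokenizeHTML_ignoreIECondComment` covers only an input that is expected to tokenize to `array()`, so it would still pass if the new stripping removed more than the conditional comment. Add cases where text before and after the comment must survive as tokens, where an ordinary comment is tokenized as before, and where the conditional opener is never closed. The input literal is not legible in this rendering, and the surrounding test class continues outside the hunk.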