Make WordPress Core

Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#60406 closed defect (bug) (fixed)

HTML API: CDATA Lookalike comments match invalid CDATA

Reported by: jonsurrell's profile jonsurrell Owned by: jonsurrell's profile jonsurrell
Milestone: 6.5 Priority: normal
Severity: normal Version: 6.5
Component: HTML API Keywords: has-patch has-unit-tests
Focuses: Cc:


<![CDATA[…]> is incorrectly treated as a CDATA lookalike comment. It will be parsed as a comment, but would never be a valid CDATA section because it is missing a closing brace. It must have ]]> to close the section.

See CDATA sections.

CDATA sections must consist of the following components, in this order:

The string "<![CDATA[".
Optionally, text, with the additional restriction that the text must not contain the string "]]>".
The string "]]>".

Change History (5)

This ticket was mentioned in PR #5992 on WordPress/wordpress-develop by @jonsurrell.

5 months ago

  • Keywords has-patch has-unit-tests added

@jonsurrell commented on PR #5992:

5 months ago

@dmsnell A small fix here to review 👋

#3 @dmsnell
5 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 57506:

HTML API: Fix CDATA lookalike matching invalid CDATA

When next_token() was introduced to the HTML Tag Processor, it started
classifying comments that look like they were intended to be CDATA sections.
In one of the changes made during development, however, a typo slipped
through code review that treated comments as CDATA even if they only
ended in ]> and not the required ]]>.

The consequences of this defect were minor because in all cases these are
treated as HTML comments from invalid syntax, but this patch adds the
missing check to ensure the proper reporting of CDATA-lookalikes.

Follow-up to [57348]

Props jonsurrell
Fixes #60406

#5 @dmsnell
5 months ago

  • Milestone changed from Awaiting Review to 6.5
  • Version set to trunk
Note: See TracTickets for help on using tickets.