http://codereview.appspot.com/3280043/diff/11001/src/com/google/caja/parser/html/Nodes.java
File src/com/google/caja/parser/html/Nodes.java (right):

http://codereview.appspot.com/3280043/diff/11001/src/com/google/caja/parser/html/Nodes.java#newcode373
src/com/google/caja/parser/html/Nodes.java:373: mode != MarkupRenderMode.HTML4_BACKWARDS_COMPAT) {
I cannot find the reference right now but I am pretty sure html4 spec also says that a "</" ends a CDATA section. For example:

<script>
alert("</script><script>top.location='http://www.thinkfu.com';//");
</script>

...appears to be a script that contains a single (harmless) CDATA section but really is two scripts, the latter redirects.

http://codereview.appspot.com/3280043/diff/11001/tests/com/google/caja/parser/html/DomParserTest.java
File tests/com/google/caja/parser/html/DomParserTest.java (right):

http://codereview.appspot.com/3280043/diff/11001/tests/com/google/caja/parser/html/DomParserTest.java#newcode280
tests/com/google/caja/parser/html/DomParserTest.java:280: assertEquals(TEST_NAME + ":4+66: End of file seen inside an "
Please use assertMessage instead.

http://codereview.appspot.com/3280043/
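
The end-of-content rule raised in the first comment, as an added Java example that is not part of the review or of Caja's code: a renderer-side check that refuses to emit script text an HTML parser would cut short. The class, method names and the `html4Compat` flag are hypothetical; the flag only mirrors the mode distinction in the quoted line, and the check covers the end-tag rule alone.

```java
import java.util.regex.Pattern;

/** Added illustration; class and method names are hypothetical, not Caja's API. */
public final class RawTextCheck {
  // HTML4 rule the comment refers to: inside SCRIPT/STYLE, "</" followed by a
  // name start character ends the element's content.
  private static final Pattern HTML4_END = Pattern.compile("</[A-Za-z]");

  // HTML5 tokenizers end a script only at "</script" followed by whitespace,
  // "/" or ">". \s is slightly wider than the spec's set, which errs on the safe side.
  private static final Pattern HTML5_END =
      Pattern.compile("</script[\\s/>]", Pattern.CASE_INSENSITIVE);

  /** True if the text can be emitted between <script> and </script> unchanged. */
  static boolean safeAsScriptBody(String text, boolean html4Compat) {
    Pattern end = html4Compat ? HTML4_END : HTML5_END;
    return !end.matcher(text).find();
  }

  /** Emits the element or refuses; it never tries to repair the text. */
  static String renderScript(String text, boolean html4Compat) {
    if (!safeAsScriptBody(text, html4Compat)) {
      throw new IllegalArgumentException("script text would end the element early");
    }
    return "<script>" + text + "</script>";
  }

  public static void main(String[] args) {
    // Constructed inputs; the first is the string from the review comment.
    String[] samples = {
      "alert(\"</script><script>top.location='http://www.thinkfu.com';//\");",
      "if (a </b/.exec(s).length) {}",   // "</b" ends the content under the HTML4 rule only
      "var n = 1 < 2 ? 3 / 4 : 5;",      // contains no "</" at all
    };
    for (String s : samples) {
      // Columns: safe under the HTML4 rule, safe under the HTML5 rule, input.
      System.out.println(
          safeAsScriptBody(s, true) + " " + safeAsScriptBody(s, false) + "  " + s);
    }
  }
}
```

Rejecting is deliberate: rewriting "</" to "<\/" is only valid inside a JavaScript string or regex literal, so a renderer that does not parse the script cannot apply it blindly.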
