http://codereview.appspot.com/3280043/diff/11001/src/com/google/caja/parser/html/Nodes.java
File src/com/google/caja/parser/html/Nodes.java (right):

http://codereview.appspot.com/3280043/diff/11001/src/com/google/caja/parser/html/Nodes.java#newcode373
src/com/google/caja/parser/html/Nodes.java:373: mode !=
MarkupRenderMode.HTML4_BACKWARDS_COMPAT) {
On 2010/12/21 07:46:48, jasvir wrote:
I cannot find the reference right now but I am pretty sure html4 spec also says
that a "</" ends a CDATA section.  For example:
<script>
alert("</script><script>top.location='http://www.thinkfu.com';//");
</script>

...appears to be a script that contains a single (harmless) CDATA section but
really is two scripts, the latter redirects.

As discussed, replaced all occurrences of "</" with "< /" in html mode.

http://codereview.appspot.com/3280043/diff/11001/tests/com/google/caja/parser/html/DomParserTest.java
File tests/com/google/caja/parser/html/DomParserTest.java (right):

http://codereview.appspot.com/3280043/diff/11001/tests/com/google/caja/parser/html/DomParserTest.java#newcode280
tests/com/google/caja/parser/html/DomParserTest.java:280:
assertEquals(TEST_NAME + ":4+66: End of file seen inside an "
On 2010/12/21 07:46:48, jasvir wrote:
Please use assertMessage instead.

Done.

http://codereview.appspot.com/3280043/
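
The parsing behaviour discussed in this review, as an added example that is not part of the thread and is not Caja code: a simplified scanner that delimits script content the way an HTML parser does, run over the rendered output with and without the "</" replacement. The names scriptBodies, escapeForHtmlMode and renderScript are hypothetical, and the sample URL is a placeholder.

```javascript
// Added illustration, not Caja code. All function names here are hypothetical.

// Return the content of each <script> element as an HTML parser delimits it:
// content runs from the open tag to the first "</script", with no regard
// for JavaScript string quoting.
function scriptBodies(html) {
  const bodies = [];
  const lower = html.toLowerCase();
  let pos = 0;
  for (;;) {
    const open = lower.indexOf("<script", pos);
    if (open === -1) break;
    const start = lower.indexOf(">", open);
    if (start === -1) break;
    const end = lower.indexOf("</script", start + 1);
    if (end === -1) {
      // Unterminated element: content runs to end of input.
      bodies.push(html.slice(start + 1));
      break;
    }
    bodies.push(html.slice(start + 1, end));
    const close = lower.indexOf(">", end);
    pos = close === -1 ? html.length : close + 1;
  }
  return bodies;
}

// The replacement described in the reply: no "</" survives inside the element.
function escapeForHtmlMode(text) {
  return text.split("</").join("< /");
}

// Serialize one script element, optionally applying the replacement.
function renderScript(text, escape) {
  return "<script>" + (escape ? escapeForHtmlMode(text) : text) + "</script>";
}

// Constructed sample modelled on the one quoted in the review.
const SAMPLE =
  'alert("</script><script>top.location=\'http://example.invalid/\';//");';

const unescaped = scriptBodies(renderScript(SAMPLE, false));
const escaped = scriptBodies(renderScript(SAMPLE, true));
console.log(unescaped.length, unescaped); // two elements: the string literal was split
console.log(escaped.length, escaped);     // one element: the whole text stays inside it
```

The replacement keeps the element intact but alters the script text itself, so a string literal that contained "</" holds "< /" after rendering.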
