fix(ngSanitize): sanitizer should not accept <!--> as a valid comment

According to http://validator.w3.org/ , <!--> is not a valid comment and neither is any comment containing the -- substring.
author: R. Merkert 2013-08-17 19:09:28 -0400
committer: Vojta Jina 2013-09-11 22:40:09 +0200
commit: 21e9e8cf68ef007136da6cc212d2f1f252fb668a (patch)
tree: 39bd8e8fb2c2b8fc267d714e4b85b7b6604c0e46 /src/ngSanitize/sanitize.js
parent: bf512bb8ee696f7644879cf0ba33e01cbf9e2153 (diff)
download: angular.js-21e9e8cf68ef007136da6cc212d2f1f252fb668a.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/src/ngSanitize/sanitize.js b/src/ngSanitize/sanitize.js
index 3d904ad1..ffee51df 100644
--- a/src/ngSanitize/sanitize.js
+++ b/src/ngSanitize/sanitize.js
@@ -210,9 +210,10 @@ function htmlParser( html, handler ) {
 
       // Comment
       if ( html.indexOf("<!--") === 0 ) {
-        index = html.indexOf("-->");
+        // comments containing -- are not allowed unless they terminate the comment
+        index = html.indexOf("--", 4);
 
-        if ( index >= 0 ) {
+        if ( index >= 0 && html.lastIndexOf("-->", index) === index) {
           if (handler.comment) handler.comment( html.substring( 4, index ) );
           html = html.substring( index + 3 );
           chars = false;
author	R. Merkert	2013-08-17 19:09:28 -0400
committer	Vojta Jina	2013-09-11 22:40:09 +0200
commit	21e9e8cf68ef007136da6cc212d2f1f252fb668a (patch)
tree	39bd8e8fb2c2b8fc267d714e4b85b7b6604c0e46 /src/ngSanitize/sanitize.js
parent	bf512bb8ee696f7644879cf0ba33e01cbf9e2153 (diff)
download	angular.js-21e9e8cf68ef007136da6cc212d2f1f252fb668a.tar.bz2