diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/ngSanitize/sanitize.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/ngSanitize/sanitize.js b/src/ngSanitize/sanitize.js index 3d904ad1..ffee51df 100644 --- a/src/ngSanitize/sanitize.js +++ b/src/ngSanitize/sanitize.js @@ -210,9 +210,10 @@ function htmlParser( html, handler ) { // Comment if ( html.indexOf("<!--") === 0 ) { - index = html.indexOf("-->"); + // comments containing -- are not allowed unless they terminate the comment + index = html.indexOf("--", 4); - if ( index >= 0 ) { + if ( index >= 0 && html.lastIndexOf("-->", index) === index) { if (handler.comment) handler.comment( html.substring( 4, index ) ); html = html.substring( index + 3 ); chars = false; |