Google Git
Sign in
gwt / gwt / 5009f55c2833429d8d185f779bfc5a1586750a3d^! / .
commit5009f55c2833429d8d185f779bfc5a1586750a3d[log] [tgz]
authormdempsky@google.com <mdempsky@google.com@8db76d5a-ed1c-0410-87a9-c151d255dfc7>Mon Dec 12 13:29:36 2011 +0000
committermdempsky@google.com <mdempsky@google.com@8db76d5a-ed1c-0410-87a9-c151d255dfc7>Mon Dec 12 13:29:36 2011 +0000
tree31f326f8b5448c1b78777dc2d16616f96d3556ab
parent82a20e727420d8484c06287c0d6ec12ad47ac11f [diff]
Don't allow SafeHtml strings to end in a <script> or <style> context.

Review at http://gwt-code-reviews.appspot.com/1608803


git-svn-id: https://google-web-toolkit.googlecode.com/svn/trunk@10790 8db76d5a-ed1c-0410-87a9-c151d255dfc7

diff --git a/user/src/com/google/gwt/safehtml/shared/SafeHtmlHostedModeUtils.java b/user/src/com/google/gwt/safehtml/shared/SafeHtmlHostedModeUtils.java
index cdb4826..601504f 100644
--- a/user/src/com/google/gwt/safehtml/shared/SafeHtmlHostedModeUtils.java
+++ b/user/src/com/google/gwt/safehtml/shared/SafeHtmlHostedModeUtils.java

@@ -85,7 +85,8 @@
     } catch (ParseException e) {
       return false;
     }
-    return htmlParser.getState() == HtmlParser.STATE_TEXT;
+    return htmlParser.getState() == HtmlParser.STATE_TEXT
+        && !htmlParser.inJavascript() && !htmlParser.inCss();
   }
 
   /**

diff --git a/user/test/com/google/gwt/safehtml/shared/GwtSafeHtmlHostedModeUtilsTest.java b/user/test/com/google/gwt/safehtml/shared/GwtSafeHtmlHostedModeUtilsTest.java
index fcd5f26..df43bcb 100644
--- a/user/test/com/google/gwt/safehtml/shared/GwtSafeHtmlHostedModeUtilsTest.java
+++ b/user/test/com/google/gwt/safehtml/shared/GwtSafeHtmlHostedModeUtilsTest.java

@@ -47,6 +47,9 @@
       assertCheckCompleteHtmlFails("baz<em>foo</em> <x a=\"b\"");
       assertCheckCompleteHtmlFails("baz<em>foo</em> <x a=\"b\" ");
 
+      assertCheckCompleteHtmlFails("<script>");
+      assertCheckCompleteHtmlFails("<style>");
+
       SafeHtmlHostedModeUtils.maybeCheckCompleteHtml("baz<em>foo</em> <x a=\"b\"> ");
       SafeHtmlHostedModeUtils.maybeCheckCompleteHtml("baz<em>foo</em> <x a=\"b\">sadf");
       SafeHtmlHostedModeUtils.maybeCheckCompleteHtml("baz<em>foo</em> <x a=\"b\">");