Skip to content

Commit

Permalink
Add a "Malformed comment" check for invalid comments such as <!--> (#…
Browse files Browse the repository at this point in the history
…147)

`Document.new("<a><!-->")` raises `undefined method '[]' for nil`. This
commit fixes it and adds a test for it.
  • Loading branch information
makenowjust authored Jun 13, 2024
1 parent 1e31ffc commit d906ae2
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 3 deletions.
5 changes: 2 additions & 3 deletions lib/rexml/parsers/baseparser.rb
Original file line number Diff line number Diff line change
Expand Up @@ -406,12 +406,11 @@ def pull_event
if md[0][0] == ?-
md = @source.match(/--(.*?)-->/um, true)

case md[1]
when /--/, /-\z/
if md.nil? || /--|-\z/.match?(md[1])
raise REXML::ParseException.new("Malformed comment", @source)
end

return [ :comment, md[1] ] if md
return [ :comment, md[1] ]
else
md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true)
return [ :cdata, md[1] ] if md
Expand Down
13 changes: 13 additions & 0 deletions test/parse/test_comment.rb
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,19 @@ def test_doctype_malformed_comment_end
DETAIL
end

def test_after_doctype_malformed_comment_short
exception = assert_raise(REXML::ParseException) do
parse("<a><!-->")
end
assert_equal(<<~DETAIL.chomp, exception.to_s)
Malformed comment
Line: 1
Position: 8
Last 80 unconsumed characters:
-->
DETAIL
end

def test_after_doctype_malformed_comment_inner
exception = assert_raise(REXML::ParseException) do
parse("<a><!-- -- -->")
Expand Down

0 comments on commit d906ae2

Please sign in to comment.