Fix : CSS Child Combinator Parsing Bug (#297)

subbudvk · mikesamuel · web-flow · commit 6b3cebdc2241 · 2024-01-15T09:35:58.000-07:00
* Fix : Bug in HTMLStreamRendering for Child Combinator CSS

* Fix : ChildCombinator CSS Parsing Issue

---------

Co-authored-by: Mike Samuel &lt;mikesamuel@gmail.com&gt;
diff --git a/src/main/java/org/owasp/html/HtmlStreamRenderer.java b/src/main/java/org/owasp/html/HtmlStreamRenderer.java
@@ -341,7 +341,7 @@ private static int checkHtmlCdataCloseable(
           }
           break;
         case '>':
-          if (i >= 2 && sb.charAt(i - 2) == '-' && sb.charAt(i - 2) == '-') {
+          if (i >= 2 && sb.charAt(i - 2) == '-' && sb.charAt(i - 1) == '-') {
             if (innerStart < 0) { return i - 2; }
             // Merged start and end like <!--->
             if (innerStart + 6 > i) { return innerStart; }
diff --git a/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java b/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java
@@ -994,7 +994,7 @@ public static final void testTextareaIsNotTextArea() {
     assertEquals("x<textArea>y</textArea>", textAreaPolicy.sanitize(input));
   }
 
-   @Test
+  @Test
   public static final void testCSSFontSize() {
 	 HtmlPolicyBuilder builder = new HtmlPolicyBuilder();
  	 PolicyFactory factory = builder.allowElements("span")
@@ -1007,6 +1007,41 @@ public static final void testCSSFontSize() {
  	 assertEquals(toSanitizeMedium, factory.sanitize(toSanitizeMedium)); 
   }
 
+  @Test
+  public static final void testCSSChildCombinator() {
+	  HtmlPolicyBuilder builder = new HtmlPolicyBuilder();
+	 
+ 	  PolicyFactory factory = builder.allowElements("span","style","h1").allowTextIn("style","h1")
+ 	    .allowAttributes("type").onElements("style").allowStyling()
+ 	    .toFactory();
+ 	
+ 	 
+ 	  String toSanitize = "<style type=\"text/css\">\n"
+ 	 	  + "<!--\n"
+ 	 	  + ".hdg-1 {\n"
+ 	 	  + "width:100%;\n"
+ 	 	  + "}\n"
+ 	 	  + "\n"
+ 	 	  + ".hdg-1>._inner {\n"
+ 	 	  + "background-color: #999;\n"
+ 	 	  + "}\n"
+ 	 	  + "-->\n"
+ 	 	  + "</style>\n"
+ 	 	  + "<h1>Test</h1>\n"
+ 	 	  + "\n"
+ 	 	  + "<style>\n"
+ 	 	  + "<!--\n"
+ 	 	  + ".hdg-1 {\n"
+ 	 	  + "width:100%;\n"
+ 	 	  + "}\n"
+ 	 	  + "\n"
+ 	 	  + ".hdg-1>._inner {\n"
+ 	 	  + "background-color: #666;\n"
+ 	 	  + "}\n"
+ 	 	  + "-->\n"
+ 	 	  + "</style>";
+ 	  assertEquals(toSanitize, factory.sanitize(toSanitize));
+  }
 
   private static String apply(HtmlPolicyBuilder b) {
     return apply(b, EXAMPLE);

Original file line number	Diff line number	Diff line change
`@@ -341,7 +341,7 @@ private static int checkHtmlCdataCloseable(`
`341`	`341`	`}`
`342`	`342`	`break;`
`343`	`343`	`case '>':`
`344`		`- if (i >= 2 && sb.charAt(i - 2) == '-' && sb.charAt(i - 2) == '-') {`
	`344`	`+ if (i >= 2 && sb.charAt(i - 2) == '-' && sb.charAt(i - 1) == '-') {`
`345`	`345`	`if (innerStart < 0) { return i - 2; }`
`346`	`346`	`// Merged start and end like <!--->`
`347`	`347`	`if (innerStart + 6 > i) { return innerStart; }`