Fix removing comments when purifying HTML - closes #3894

2024-11-23 19:02:46 +01:00 · 2024-03-21 02:48:15 -07:00 · 2024-03-21 02:48:15 -07:00 · 90c80c9946
commit 90c80c9946
parent 0b9ca610b7
2 changed files with 7 additions and 5 deletions
--- a/app/Thread.php
+++ b/app/Thread.php
@ -317,10 +317,11 @@ class Thread extends Model

        // Remove only the <!--[if !mso]><!--> and <!--<![endif]--> around the elements.
        // https://github.com/freescout-helpdesk/freescout/pull/3865#issuecomment-1990758149
-        $body = preg_replace('/<!\-\-\[if !mso\]><!\-\->(.*?)<![ ]+\-\-<!\[endif\]\-\->/s', '$1', $body);
+        $body = preg_replace('/<!\-\-\[if [^>]+\]><!\-\->(.*?)<![ ]+\-\-<!\[endif\]\-\->/s', '$1', $body);

-        // // Remove <!--[if !mso]><!--> and <!--<![endif]--> comments, preserving the data inside
-        $body = preg_replace('/(<!\-\-\[if mso\]>|<!\[endif\]\-\->)/', '', $body);
+        // https://github.com/freescout-helpdesk/freescout/issues/3894
+        // Remove <!--[if !mso]><!--> and <!--<![endif]--> comments, preserving the data inside
+        //$body = preg_replace('/(<!\-\-\[if [^>]+\]>|<!\[endif\]\-\->)/', '', $body);

        return \Helper::purifyHtml($body);
    }
--- a/overrides/ezyang/htmlpurifier/library/HTMLPurifier/Lexer.php
+++ b/overrides/ezyang/htmlpurifier/library/HTMLPurifier/Lexer.php
@ -272,9 +272,10 @@ class HTMLPurifier_Lexer
     */
    protected static function removeIEConditional($string)
    {
+        // https://github.com/freescout-helpdesk/freescout/issues/3894
        return preg_replace(
-            '#<!--\[if [^>]+\]>.*?<!\[endif\]-->#si', // probably should generalize for all strings
-            '',
+            '#<!--\[if [^>]+\]>(.*?)<!\[endif\]-->#si', // probably should generalize for all strings
+            '$1',
            $string
        );
    }