Comments in HTML may be mangled if the comment contain a newline

Question

Comments in HTML may be mangled if the comment contain a newline

Closed this issue 3 years ago · 0 comments

Bug Report

Package(s): language-html
Version(s): v0.1.23

Description

When mangling a HTML document with comments, the language-html plugin might accidentally mangle in comments if the comment contains a newline. This bug exists for both in-HTML mangling and extracting embeds from HTML.

This was discovered as part of: https://github.com/ericcornelissen/webmangler/security/code-scanning/4, https://github.com/ericcornelissen/webmangler/security/code-scanning/5, https://github.com/ericcornelissen/webmangler/security/code-scanning/6, https://github.com/ericcornelissen/webmangler/security/code-scanning/7, https://github.com/ericcornelissen/webmangler/security/code-scanning/8 (all of which were closed as they're not security bugs).

Proof of Concept

Have a HTML file with either a <script> tag or <style> tag or any mangle-able HTML. For example:

<!--
<style>
  .cls-foo {
    display: block;
  }
</style>
-->
<!--
<script>
  var x = document.querySelectorAll(".cls-foo");
</script>
-->
<!--
<div class="cls-foo"></div>
-->

Run WebMangler CLI (version 0.1.6) with WebMangler Core (version 0.1.24) and the default mangler plugins & default language plugins (at the exact versions found in the WebMangler Core package.json).

Observe that the comments have been mangled. For the example above:

<!--
<style>
  .a {
    display: block;
  }
</style>
-->
<!--
<script>
  var x = document.querySelectorAll(".a");
</script>
-->
<!--
<div class="a"></div>
-->