Minor difference in string produces different output

Question

Minor difference in string produces different output

Meerkov opened this issue 9 years ago · 0 comments

In https://github.com/google/caja/blob/27248d0f223038346d63278b52ec038e77418ba9/src/com/google/caja/plugin/html-sanitizer.js when using javascript function parse(htmlText, handler, param) {
in javascript parseTagAndAttrs(parts, pos) {
The two badly formed html strings produce different output:

<p a='b' x='<

produces an empty dom

<p a='b' x='>

produces a dom containing a p tag, e.g. <p a="b" ></p>

This seems like a minor issue, but it's a little bit weird. It's possible this is on purpose, but based on the comments, this looks like an oversight in the way the parser is seeking out the next '>' token.