The above commit was made to make parsing consistent with HTML5 Spec, but while this is being rewritten it looks like a regression was introduced when parsing for >
To ensure this entity > is part of a HTML Comment it seems to have been checked the previous two characters are - but with this commit only char - 2 is checked twice. So if a CSS Child combinator with - selector is used, it was treated was a error and as a result user CSS was badly stripped. Fixing this and adding a test for it.
https://github.com/OWASP/java-html-sanitizer/commit/241b4b8a6cd37c486b36f12fc135a018881c3e4a#diff-0a08f29a5b7867e56d6aa9f6abe035e32ee9411a8bc96afa9a6acff2a6d6f07fR338
The above commit was made to make parsing consistent with HTML5 Spec, but while this is being rewritten it looks like a regression was introduced when parsing for
>
To ensure this entity
>
is part of a HTML Comment it seems to have been checked the previous two characters are-
but with this commit onlychar - 2
is checked twice. So if a CSS Child combinator with-
selector is used, it was treated was a error and as a result user CSS was badly stripped. Fixing this and adding a test for it.Fixes https://github.com/OWASP/java-html-sanitizer/issues/251