search

wp-media / wp-rocket

Performance optimization plugin for WordPress
https://wp-rocket.me
GNU General Public License v2.0
685 stars 214 forks source link

Commented HTML elements may generate unintended markup. #2890

Closed Davidacu closed 1 month ago

Davidacu commented 4 years ago

Before submitting an issue please check that you’ve completed the following steps:

Describe the bug When there are HTML tags inside a commented line, WP Rocket seems to process these tags and treat them as actual source code.

Preconditions

  1. Use this template to quickly reproduce the issue
  2. Optimize CSS delivery is enabled in WP Rocket.

To Reproduce Steps to reproduce the behavior:

  1. Go to the admin dashboard of the WP site and create a new page choosing the template provided.
  2. Navigate to the new page created in an incognito window.
  3. Either check the cache generated by WP Rocket or just look at the page source in the browser
  4. Scroll down to where the </head> element is commented, it should start as<!-- missing closing </head> -->

Expected behavior The comment should be <!-- missing closing </head> --> as in original template. image

Actual behavior The comment is <!-- some commented tags </head><body> --> notice that WP rocket adds an extra <body> tag inside the comments Screenshots image

Backlog Grooming (for WP Media dev team use only)

hellofromtonya commented 4 years ago

This also occurs with the CPCSS remove script insertion when there's comment with </body> in it.

To Reproduce

Steps to reproduce the behavior:

  1. Use the template David provided away and add a <!-- </body> --> comment to it within the body.
  2. Go to the admin dashboard of the WP site and create a new page choosing the template provided.
  3. Navigate to the new page created in an incognito window.
  4. Either check the cache generated by WP Rocket or just look at the page source in the browser
  5. Scroll down to where the comment is. Notice that it's inserting the script into that comment.
hellofromtonya commented 4 years ago

Essentially, if there are any main structural HTML tags commented out, unintended markup can happen if that tag is a regex target within Rocket. This is a systematic issue.

I'd estimate occurrence to be very low.

Why? We haven't had any tickets about this issue. And it's uncommon to comment out structural tags.

While we do want to fix this, it is a low priority.