Closed TotalWipeOut closed 5 years ago
While attempting to get the text content of an HTML string, I found that users had pasted in code that contained these short HTML comments, <!--> and <!--->`.
<!-->
<?php require 'vendor/autoload.php'; $stripTags = new Zend\Filter\StripTags(); $html = 'This <!-- --> works'; $text = $stripTags->filter($html); echo $text . PHP_EOL; $html = 'infinite<!--> loop'; $text = $stripTags->filter($html); $html = 'also infinite<!---> loop'; $text = $stripTags->filter($html);
These short comment artefacts should be removed like any other HTML comment
These caused infinite loops. I see these artefacts as something that StripTags should remove.
While attempting to get the text content of an HTML string, I found that users had pasted in code that contained these short HTML comments,
<!-->and <!--->`.Code to reproduce the issue
Expected results
These short comment artefacts should be removed like any other HTML comment
Actual results
These caused infinite loops. I see these artefacts as something that StripTags should remove.