Menu

#2207 Delimiters with closing HTML comment inside JS string will start a comment

Bug
closed-fixed
nobody
lexer (143) html (24) scintilla (611) lexilla (55)
5
2021-06-02
2020-09-27
Arkadiusz MIchalski
No

Report from: https://github.com/notepad-plus-plus/notepad-plus-plus/issues/8359 (also apply to latest SciTE).
Closing "-->" HTML comment in JS string inside HTML file is trate as comment (but should be string).

Code to reproduce:

<!DOCTYPE html>
<script>
  var example = "<!-- -->";  // closing "-->" is string
  console.log(example);
  console.log(document.scripts[0].text);
</script>
</html>

Result in attached file, but even in this page we see that it's correct. I make some research describing this situation:
https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
https://tc39.es/ecma262/#sec-html-like-comments

Bassicaly explicity using "<!--" and "-->" is safe inside JS string if we don't mix them with <script (will not disturb the script execution).

Actually in Scintilla everything in JS string after "-->" chars (including themselves) are trate as comment. Check this code:

<!DOCTYPE html>
<script>
  var example = "--> I'm not comment"; // I'm comment
</script>
</html>
1 Attachments
test.gif

Discussion

  • Neil Hodgson

    Neil Hodgson - 2020-09-27
    • labels: --> lexer, html, scintilla
    • status: open --> open-accepted
     

  • Neil Hodgson

    Neil Hodgson - 2021-04-26
    • labels: lexer, html, scintilla --> lexer, html, scintilla, lexilla
    • status: open-accepted --> open-fixed
     

  • Zufu Liu

    Zufu Liu - 2021-04-27

    similar code still in case SCE_HJ_SINGLESTRING:
    } else if ((inScriptType == eNonHtmlScript) && (ch == '-') && (chNext == '-') && (chNext2 == '>')) {

     

  • Neil Hodgson

    Neil Hodgson - 2021-06-02
    • status: open-fixed --> closed-fixed
     

Log in to post a comment.

MongoDB Logo MongoDB