diff --git a/Kernel/cpan-lib/HTML/Scrubber.pm b/Kernel/cpan-lib/HTML/Scrubber.pm
index 96b2538cf2..832b15ec4f 100644
--- a/Kernel/cpan-lib/HTML/Scrubber.pm
+++ b/Kernel/cpan-lib/HTML/Scrubber.pm
@@ -55,9 +55,11 @@ If you're new to perl, good luck to you.
 =cut
-use 5.008; # enforce minimum perl version of 5.8
+use v5.10; # enforce minimum perl version of 5.8
 use strict;
 use warnings;
+use feature qw(state);
+
 use HTML::Parser 3.47 ();
 use HTML::Entities;
 use Scalar::Util ('weaken');
@@ -471,6 +473,8 @@ sub _scrub_str {
 my $s = $p->{"\0_s"};
+ state $last_start_tag = '';
+
 # premptive handling of an event might turn off the rule based handling
 if ( $s->{_preempt} && ref $s->{_preempt} eq 'CODE' ) {
 if ( $e eq 'end' && $text eq '' && $s->{_ignore_empty_end} ) {
@@ -495,6 +499,7 @@ sub _scrub_str {
 my $outstr = '';
 if ( $e eq 'start' ) {
+ $last_start_tag = $t;
 if ( exists $s->{_rules}->{$t} ) # is there a specific rule
 {
 if ( ref $s->{_rules}->{$t} ) # is it complicated?(not simple;)
@@ -548,7 +553,14 @@ sub _scrub_str {
 }
 elsif ( $e eq 'text' or $e eq 'default' ) {
 $text =~ s//>/g;
+
+ # This is very hackish.
+ if ( $last_start_tag eq 'style' ) {
+ # do not replace '>' in style tags
+ }
+ else {
+ $text =~ s/>/>/g; # see https://rt.cpan.org/Public/Bug/Display.html?id=2991
+ }
 $outstr .= $text;
 }
diff --git a/scripts/test/HTMLUtils/Safety.t b/scripts/test/HTMLUtils/Safety.t
index d90b985743..453031498a 100644
--- a/scripts/test/HTMLUtils/Safety.t
+++ b/scripts/test/HTMLUtils/Safety.t
@@ -26,6 +26,7 @@ use Test2::V0;
 # OTOBO modules
 use Kernel::System::UnitTest::RegisterOM; # set up $Kernel::OM
+use Kernel::System::UnitTest::Diff qw(TextEqOrDiff);
 # get HTMLUtils object
 my $HTMLUtilsObject = $Kernel::OM->Get('Kernel::System::HTMLUtils');
@@ -662,17 +663,17 @@ END_INPUT
 Result => {
 Output => <<'END_OUTPUT',
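Review bot: The comment kept on the new `+use v5.10;` line still reads `# enforce minimum perl version of 5.8`, so it now contradicts the pragma it annotates; write it as `use v5.10;    # enforce minimum perl version of 5.10 (needed for 'state')`. `use v5.10` also switches on the :5.10 feature bundle, which includes `state`, so the added `use feature qw(state);` is redundant though harmless; unlike 5.12 and later it does not imply strict or warnings, so those two lines remain necessary. If the explicit `use feature` line is kept on purpose for readers, say so in a trailing comment.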
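Review bot: `state $last_start_tag` is a single process-wide variable that is only ever assigned in the `start` branch (hunk @@ -495), so once a `style` start tag has been seen every later `text`/`default` event keeps its raw `>` (hunk @@ -548) until some other start tag arrives: that covers text after the closing `</style>`, and, if one document's last start tag was `style`, the leading text of the next document scrubbed by any HTML::Scrubber instance in the process, which is exactly the text the RT#2991 encoding was meant to protect. Keep the flag on the per-scrubber hash `$s` that the rules already live in and clear it on the end tag instead: drop the `state` line, set `$s->{_last_start_tag} = $t;` in the `start` branch, add `$s->{_last_start_tag} = '';` to the `end` branch (which lies outside these hunks), and test `( $s->{_last_start_tag} // '' ) eq 'style'` in the text branch. A short comment on the new field, e.g. `# name of the most recent start tag; '' once its end tag was seen`, would make the contract visible. `_scrub_str` starts and ends outside the hunk.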
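Review bot: The new `if` branch is empty apart from a comment while the real work sits in `else`, which reads backwards for what is a single guarded substitution; write it as one line, `$text =~ s/>/&gt;/g unless $last_start_tag eq 'style';    # RT#2991; keep raw '>' inside <style> (CSS child combinators)` (the replacement entity appears decoded to a bare `>` in this rendering of the hunk, so confirm it is `&gt;` in the file). The comment `# This is very hackish.` should say what is being worked around rather than apologise, e.g. `# '>' stays literal in <style> content because CSS selectors such as "div > p" need it; every other text/default event still gets it encoded.` Note that the guard applies to `default` events as well as `text`, which matches the enclosing `elsif` and is presumably intended. `_scrub_str` continues outside this hunk.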
@@ -933,7 +934,7 @@ for my $Test (@TestsWithDefaultConfig) {
 else {
 ok( !$Result{Replace}, 'not replaced', );
 }
- is( $Result{String}, $Test->{Result}->{Output}, 'output' );
+ TextEqOrDiff( $Result{String}, $Test->{Result}->{Output}, 'output' );
 };
 }
@@ -1166,7 +1167,7 @@ You should be able to continue reading these lessons, however.
 Line => __LINE__,
 },
 {
- Name => 'stype with remote background image protocol-relative URL, NoExtSrcLoad',
+ Name => 'style with remote background image protocol-relative URL, NoExtSrcLoad',
 Input => 'localhost',
 Config => {
 NoExtSrcLoad => 1,
@@ -1334,7 +1335,7 @@ for my $Test (@TestsWithExplicitConfig) {
 else {
 ok( !$Result{Replace}, 'not replaced', );
 }
- is( $Result{String}, $Test->{Result}->{Output}, 'output' );
+ TextEqOrDiff( $Result{String}, $Test->{Result}->{Output}, 'output' );
 };
 }
@@ -1461,9 +1462,10 @@ END_HTML
 String => $String,
 );
- # all '>' in text elements are replaced by '>'
- my $ExpectedScrubbedString = ( $String =~ s/div > p/div > p/r ) =~ s/greater: >/greater: >/r;
- is( $Result{String}, $ExpectedScrubbedString, 'greater sign encoded' );
+ # all '>' in text content, except style, are replaced by '>'
+ my $ExpectedScrubbedString = $String =~ s/greater: >/greater: >/r;
+
+ TextEqOrDiff( $Result{String}, $ExpectedScrubbedString, 'greater sign encoded' );
 }
 done_testing;
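Review bot: The new expectation only pins that `>` inside the `<style>` content (`div > p`) is left alone and that the later `greater: >` text is still encoded; it does not cover the case the Scrubber change in this commit is most likely to get wrong, text that follows a closing `</style>` tag, where the scrubber still sees `style` as the last start tag. Add a second input (constructed example: `<style>div > p {}</style>after: >`) and assert that the trailing `>` is encoded in `$Result{String}`, so the behaviour is pinned by the test and not only by the current implementation. The `$String` fixture this block relies on is defined above the hunk. The updated comment `# all '>' in text content, except style, are replaced by ...` appears to have lost its entity in this rendering; confirm it reads `&gt;` in the file.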