[2.0.1] Improve special case handling for <script>

- DirectLex now honors comments with greater than or less than signs in them
- Comments are transformed into script elements, ending comments are scrapped
- Buggy generator code rewritten to be more error-proof
- AttrValidator checks if token has attributes before processing
- Remove invalid documentation from Scripting
- "Commenting" of script elements switched to the more advanced version

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1189 48356398-32a2-884e-a903-53898d9a118a

tests/HTMLPurifier/GeneratorTest.php

@@ -141,9 +141,31 @@ class HTMLPurifier_GeneratorTest extends HTMLPurifier_Harness
                 new HTMLPurifier_Token_Text('alert(3 < 5);'),
                 new HTMLPurifier_Token_End('script')
             ),
-            "<script><!--\nalert(3 < 5);\n// --></script>"
+            "<script><!--//--><![CDATA[//><!--\nalert(3 < 5);\n//--><!]]></script>"
         );
         
+        // if missing close tag, don't do anything
+        $this->assertGeneration(
+            array(
+                new HTMLPurifier_Token_Start('script'),
+                new HTMLPurifier_Token_Text('alert(3 < 5);'),
+            ),
+            "<script>alert(3 &lt; 5);"
+        );
+        
+        // if two script blocks, don't do anything
+        $this->assertGeneration(
+            array(
+                new HTMLPurifier_Token_Start('script'),
+                new HTMLPurifier_Token_Text('alert(3 < 5);'),
+                new HTMLPurifier_Token_Text('foo();'),
+                new HTMLPurifier_Token_End('script')
+            ),
+            "<script>alert(3 &lt; 5);foo();</script>"
+        );
+        
+        
+        
         $this->config = HTMLPurifier_Config::createDefault();
         $this->config->set('Core', 'CommentScriptContents', false);
         

tests/HTMLPurifier/HTMLModule/ScriptingTest.php

@@ -18,6 +18,14 @@ class HTMLPurifier_HTMLModule_ScriptingTest extends HTMLPurifier_HTMLModuleHarne
             array('HTML.Trusted' => true)
         );
         
+        // CDATA
+        $this->assertResult(
+'//<![CDATA[
+alert("<This is compatible with XHTML>");
+//]]> ', true,
+            array('HTML.Trusted' => true)
+        );
+        
         // max
         $this->assertResult(
             '<script

tests/HTMLPurifier/LexerTest.php

@@ -299,6 +299,22 @@ class HTMLPurifier_LexerTest extends UnitTestCase
         $sax_expect[19] = false; // SAX drops the < character
         $dom_expect[19] = false; // DOM drops the entire pseudo-tag
         
+        // test comment parsing with funky characters inside
+        $input[20] = '<!-- This >< comment --><br />';
+        $expect[20] = array(
+            new HTMLPurifier_Token_Comment(' This >< comment '),
+            new HTMLPurifier_Token_Empty('br')
+        );
+        $sax_expect[20] = false;
+        
+        // test comment parsing of missing end
+        $input[21] = '<!-- This >< comment';
+        $expect[21] = array(
+            new HTMLPurifier_Token_Comment(' This >< comment')
+        );
+        $sax_expect[21] = false;
+        $dom_expect[21] = false;
+        
         $default_config = HTMLPurifier_Config::createDefault();
         $default_context = new HTMLPurifier_Context();
         foreach($input as $i => $discard) {

tests/HTMLPurifier/Strategy/RemoveForeignElementsTest.php

@@ -79,6 +79,18 @@ class HTMLPurifier_Strategy_RemoveForeignElementsTest
             array('HTML.Allowed' => 'div')
         );
         
+        // text-ify commented script contents ( the trailing comment gets
+        // removed during generation )
+        $this->assertResult(
+'<script type="text/javascript"><!--
+alert(<b>bold</b>);
+// --></script>',
+'<script type="text/javascript">
+alert(&lt;b&gt;bold&lt;/b&gt;);
+// </script>',
+            array('HTML.Trusted' => true, 'Output.CommentScriptContents' => false)
+        );
+        
     }
     
 }