From 2002e5877efa40b336b70b707670e734c6389958 Mon Sep 17 00:00:00 2001
From: Bruno Michel <bmichel@menfin.info>
Date: Sat, 26 Jun 2010 19:00:57 +0200
Subject: Strip_tags never ending attribute should not raise a TypeError [#4870
 state:resolved]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: José Valim <jose.valim@gmail.com>
---
 actionpack/lib/action_controller/vendor/html-scanner/html/node.rb     | 1 +
 .../lib/action_controller/vendor/html-scanner/html/tokenizer.rb       | 1 +
 actionpack/test/template/html-scanner/sanitizer_test.rb               | 4 ++++
 3 files changed, 6 insertions(+)

diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
index 6c0331636c..a874519978 100644
--- a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
@@ -177,6 +177,7 @@ module HTML #:nodoc:
                     case text
                       when "\\" then
                         value << text
+                        break if scanner.eos?
                         value << scanner.getch
                       when delim
                         break
diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb
index 064ff3724d..240dc1890f 100644
--- a/actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb
@@ -96,6 +96,7 @@ module HTML #:nodoc:
           while match = @scanner.scan_until(/[\\#{delim}]/)
             text << match
             break if @scanner.matched == delim
+            break if @scanner.eos?
             text << @scanner.getch # skip the escaped character
           end
         end
diff --git a/actionpack/test/template/html-scanner/sanitizer_test.rb b/actionpack/test/template/html-scanner/sanitizer_test.rb
index a6e760b0b6..c9edde8892 100644
--- a/actionpack/test/template/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/template/html-scanner/sanitizer_test.rb
@@ -257,6 +257,10 @@ class SanitizerTest < ActionController::TestCase
      assert_sanitized %{<a href=\"http://www.domain.com?var1=1&amp;var2=2\">my link</a>}
   end
 
+  def test_should_sanitize_neverending_attribute
+    assert_sanitized "<span class=\"\\", "<span class=\"\\\">"
+  end
+
 protected
   def assert_sanitized(input, expected = nil)
     @sanitizer ||= HTML::WhiteListSanitizer.new
-- 
cgit v1.2.3