Fixed HTML::Tokenizer (used in sanitize helper) didnt handle unclosed CDATA tags (closes #10071) [esad, packagethief]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9111 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

actionpack/CHANGELOG

@@ -1,5 +1,7 @@
 *SVN*
 
+* Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags #10071 [esad, packagethief]
+
 * Improve documentation. [Radar, Jan De Poorter, chuyeow, xaviershay, danger, miloops, Xavier Noria,  Sunny Ripert]
 
 * Fixed that FormHelper#radio_button would produce invalid ids #11298 [harlancrystal]

actionpack/lib/action_controller/vendor/html-scanner/html/tokenizer.rb

@@ -54,7 +54,7 @@ module HTML #:nodoc:
           tag << (@scanner.scan_until(/--\s*>/) || @scanner.scan_until(/\Z/))
         elsif @scanner.scan(/!\[CDATA\[/)
           tag << @scanner.matched
-          tag << @scanner.scan_until(/\]\]>/)
+          tag << (@scanner.scan_until(/\]\]>/) || @scanner.scan_until(/\Z/))
         elsif @scanner.scan(/!/) # doctype
           tag << @scanner.matched
           tag << consume_quoted_regions

actionpack/test/controller/html-scanner/tokenizer_test.rb

@@ -78,6 +78,13 @@ class TokenizerTest < Test::Unit::TestCase
     assert_end
   end
 
+  def test_unterminated_cdata_tag
+    tokenize %{<content:encoded><![CDATA[ neverending...}
+    assert_next %{<content:encoded>}
+    assert_next %{<![CDATA[ neverending...}
+    assert_end
+  end
+
   def test_less_than_with_space
     tokenize %{original < hello > world}
     assert_next %{original }