The WHATWG "living spec" document provides guidance on how to handle "abruptly closed" HTML comments. Specifically, it suggests that parsers should interpret
<!---> to be empty comments.
This guidance is non-normative, but popular modern browsers do follow this guidance (verified on Firefox and Chrome).
This merge request contains two commits:
- Introduce test coverage for how abruptly-closed comments are currently handled, to establish baseline behavior
htmlParseCommentto handle abruptly-closed comments, and update the tests with the new behavior
This patch is similar to !82 (closed) in that the difference in comment-handling may provide an opportunity for an XSS attack vector to emerge, if libxml2 is being used to sanitize the HTML. I acknowledge that libxml2's HTML parser isn't the best choice for sanitizing HTML5, but wanted to mention it as a rationale for submitting this patch.