Use alternative way of stripping appended HTML comments

Co-authored-by: Alain Schlesser <[email protected]> Co-authored-by: Weston Ruter <[email protected]>
ampproject · Mar 31, 2021 · 0196441 · 0196441
1 parent b7c7e29
commit 0196441
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/includes/validation/class-amp-validation-manager.php b/includes/validation/class-amp-validation-manager.php
@@ -1848,7 +1848,22 @@ public static function validate_url( $url ) {
 		$response = ltrim( $response );
 
 		// Strip HTML comments that may have been injected at the end of the response (e.g. by a caching plugin).
-		$response = preg_replace( '/}\s*?<!--.*?-->\s*$/s', '}', $response );
+		while ( ! empty( $response ) ) {
+			$response = rtrim( $response );
+			$length   = strlen( $response );
+
+			if ( $length < 3 || '-' !== $response[ $length - 3 ] || '-' !== $response[ $length - 2 ] || '>' !== $response[ $length - 1 ] ) {
+				break;
+			}
+
+			$start = strrpos( $response, '<!--' );
+
+			if ( false === $start ) {
+				break;
+			}
+
+			$response = substr( $response, 0, $start );
+		}
 
 		if ( '' === $response ) {
 			return new WP_Error( 'white_screen_of_death' );

diff --git a/tests/php/validation/test-class-amp-validation-manager.php b/tests/php/validation/test-class-amp-validation-manager.php
@@ -2099,6 +2099,17 @@ public function get_validation_errors() {
 				],
 				"\n<!-- Generated by greatness! -->\n",
 			],
+			'error with multiple comments at end' => [
+				[
+					[
+						'code' => 'example',
+					],
+				],
+				'<!-- generated 2 seconds ago -->
+				<!-- generated in 1.134 seconds -->
+				<!-- served from batcache in 0.003 seconds -->
+				<!-- expires in 298 seconds -->',
+			],
 			'error with multi-line comment at end' => [
 				[
 					[