@@ -444,8 +444,9 @@ public static function data_tokens_with_basic_modifiable_text_updates() {
444444 /**
445445 * Ensures that updates with potentially-compromising values aren't accepted.
446446 *
447- * For example, a modifiable text update should be allowed which would break
448- * the structure of the containing element, such as in a script or comment.
447+ * For example, a modifiable text update that would change the structure of the HTML
448+ * document is not allowed, like attempting to set `-->` within a comment or `</script>`
449+ * within a a text/plain SCRIPT tag.
449450 *
450451 * @ticket 61617
451452 * @ticket 62797
@@ -467,7 +468,7 @@ public function test_rejects_dangerous_updates( string $html_with_nonempty_modif
467468
468469 $ this ->assertFalse (
469470 $ processor ->set_modifiable_text ( $ invalid_update ),
470- 'Should have reject possibly-compromising modifiable text update. '
471+ 'Should have rejected possibly-compromising modifiable text update. '
471472 );
472473
473474 // Flush updates.
@@ -490,7 +491,7 @@ public static function data_unallowed_modifiable_text_updates() {
490491 'Comment with --> ' => array ( '<!-- this is a comment --> ' , 'Comments end in --> ' ),
491492 'Comment with --!> ' => array ( '<!-- this is a comment --> ' , 'Invalid but legitimate comments end in --!> ' ),
492493 'Non-JS SCRIPT with <script> ' => array ( '<script type="text/html">Replace me</script> ' , '<!-- Just a <script> ' ),
493- 'Non-JS SCRIPT with </script> ' => array ( '<script type="text/html ">Replace me</script> ' , 'Just a </script> ' ),
494+ 'Non-JS SCRIPT with </script> ' => array ( '<script type="text/plain ">Replace me</script> ' , 'Just a </script> ' ),
494495 'Non-JS SCRIPT with <script attributes> ' => array ( '<script language="text">Replace me</script> ' , '<!-- <script sneaky>after ' ),
495496 'Non-JS SCRIPT with </script attributes> ' => array ( '<script language="text">Replace me</script> ' , 'before</script sneaky>after ' ),
496497 );
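Review bot: The visible rows of `data_unallowed_modifiable_text_updates()` only exercise the lowercase `</script>` and `</script sneaky>` closers, so a rejection check tied to one spelling would still pass. HTML matches the SCRIPT end tag case-insensitively and ends the tag name at whitespace, `/` or `>`, so rows such as `'Non-JS SCRIPT with </SCRIPT>' => array( '<script type="text/plain">Replace me</script>', 'Just a </SCRIPT>' )` and one using `'before</script/>after'` would cover that. The provider starts above this hunk, so such rows may already exist there. Separately, the added docblock line in the first hunk reads `within a a text/plain SCRIPT tag`; drop the duplicated `a`.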