sparklemotion · tenderlove · Mar 4, 2019 · Feb 28, 2019
diff --git a/Manifest.txt b/Manifest.txt
@@ -235,3 +235,4 @@ lib/xml-apis.jar
 lib/xsd/xmlparser/nokogiri.rb
 patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
 patches/libxml2/0002-Remove-script-macro-support.patch
+patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
diff --git a/patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch b/patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
@@ -0,0 +1,44 @@
+From ffc08467744bd2305d41ca882c37fa30adf3a067 Mon Sep 17 00:00:00 2001
+From: Kevin Solorio <soloriok@gmail.com>
+Date: Wed, 27 Feb 2019 14:34:17 -0800
+Subject: [PATCH 2/2] update entities.c to remove handling of ssi
+
+---
+ entities.c | 21 ---------------------
+ 1 file changed, 21 deletions(-)
+
+diff --git a/entities.c b/entities.c
+index 43549bc5..5c4a2a60 100644
+--- a/entities.c
++++ b/entities.c
+@@ -592,27 +592,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
+ 	 * By default one have to encode at least '<', '>', '"' and '&' !
+ 	 */
+ 	if (*cur == '<') {
+-	    const xmlChar *end;
+-
+-	    /*
+-	     * Special handling of server side include in HTML attributes
+-	     */
+-	    if (html && attr &&
+-	        (cur[1] == '!') && (cur[2] == '-') && (cur[3] == '-') &&
+-	        ((end = xmlStrstr(cur, BAD_CAST "-->")) != NULL)) {
+-	        while (cur != end) {
+-		    *out++ = *cur++;
+-		    indx = out - buffer;
+-		    if (indx + 100 > buffer_size) {
+-			growBufferReentrant();
+-			out = &buffer[indx];
+-		    }
+-		}
+-		*out++ = *cur++;
+-		*out++ = *cur++;
+-		*out++ = *cur++;
+-		continue;
+-	    }
+ 	    *out++ = '&';
+ 	    *out++ = 'l';
+ 	    *out++ = 't';
+-- 
+2.16.2
+
diff --git a/test/html/test_attributes_do_not_support_macros.rb b/test/html/test_attributes_do_not_support_macros.rb
diff --git a/test/html/test_attributes_properly_escaped.rb b/test/html/test_attributes_properly_escaped.rb
@@ -0,0 +1,34 @@
+require "helper"
+
+module Nokogiri
+  module HTML
+    class TestAttributesDoNotSupportMacros < Nokogiri::TestCase
+      unless Nokogiri::VersionInfo.instance.libxml2? && Nokogiri::VersionInfo.instance.libxml2_using_system?
+
+        def test_attribute_macros_are_escaped
+          html = "<p><i for=\"&{<test>}\"></i></p>"
+          document = Nokogiri::HTML::Document.new
+          nodes = document.parse(html)
+
+          assert_equal("<p><i for=\"&amp;{&lt;test&gt;}\"></i></p>", nodes[0].to_s)
+        end
+
+        def test_libxml_escapes_server_side_includes
+          original_html = %(<p><a href='<!--"><test>-->'></a></p>)
+          document = Nokogiri::HTML::Document.new
+          html = document.parse(original_html).to_s
+
+          assert_match(/!--%22&gt;&lt;test&gt;/, html)
+        end
+
+        def test_libxml_escapes_server_side_includes_without_nested_quotes
+          original_html = %(<p><i for="<!--<test>-->"></i></p>)
+          document = Nokogiri::HTML::Document.new
+          html = document.parse(original_html).to_s
+
+          assert_match(/&lt;!--&lt;test&gt;/, html)
+        end
+      end
+    end
+  end
+end