Fixes #11402. domManip now also removes the closing part of HTML comments or CDATA surrounding executed scripts. Unit tests added.

3 files changed, 19 insertions, 1 deletions

diff --git a/src/manipulation.js b/src/manipulation.js
index cc6acee82..888c9f33c 100644
--- a/src/manipulation.js
+++ b/src/manipulation.js
@@ -29,7 +29,7 @@ var nodeNames = "abbr|article|aside|audio|bdi|canvas|data|datalist|details|figca
 	// checked="checked" or checked
 	rchecked = /checked\s*(?:[^=]|=\s*.checked.)/i,
 	rscriptType = /\/(java|ecma)script/i,
-	rcleanScript = /^\s*<!(?:\[CDATA\[|\-\-)/,
+	rcleanScript = /^\s*<!(?:\[CDATA\[|\-\-)|[\]\-]{2}>\s*$/g,
 	wrapMap = {
 		option: [ 1, "<select multiple='multiple'>", "</select>" ],
 		legend: [ 1, "<fieldset>", "</fieldset>" ],
diff --git a/test/data/cleanScript.html b/test/data/cleanScript.html
new file mode 100644
index 000000000..69288a858
--- /dev/null
+++ b/test/data/cleanScript.html
@@ -0,0 +1,10 @@
+<script>
+<!--
+ok( true, "script within html comments executed" );
+-->
+</script>
+<script>
+<![CDATA[
+ok( true, "script within CDATA executed" );
+]]>
+</script>
diff --git a/test/unit/ajax.js b/test/unit/ajax.js
index 8be1947fb..d9c4c33e7 100644
--- a/test/unit/ajax.js
+++ b/test/unit/ajax.js
@@ -2467,6 +2467,14 @@ test( "jQuery.domManip - no side effect because of ajaxSetup or global events (#
 	});
 });
 
+test( "jQuery.domManip - script in comments are properly evaluated (#11402)", function() {
+	expect( 2 );
+	stop();
+	jQuery( "#qunit-fixture" ).load( "data/cleanScript.html", function() {
+		start();
+	});
+});
+
 test("jQuery.ajax - active counter", function() {
     ok( jQuery.active == 0, "ajax active counter should be zero: " + jQuery.active );
 });