Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)

CHANGELOG

@@ -5,6 +5,7 @@ CHANGELOG Roundcube Webmail
 - Fix bug where invalid recipients could be silently discarded (#5739)
 - Fix conflict with _gid cookie of Google Analytics (#5748)
 - Print error from CLI scripts when system/exec function is disabled (#5744)
+- Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747)
 
 RELEASE 1.3-rc
 --------------

program/lib/Roundcube/rcube_utils.php

@@ -489,6 +489,7 @@ class rcube_utils
         $callback = function($matches) { return chr(hexdec($matches[1])); };
 
         $out = html_entity_decode(html_entity_decode($content));
+        $out = trim(preg_replace('/(^<!--|-->$)/', '', trim($out)));
         $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', $callback, $out);
         $out = preg_replace('#/\*.*\*/#Ums', '', $out);
         $out = strip_tags($out);

tests/Framework/Utils.php

@@ -227,6 +227,10 @@ class Framework_Utils extends PHPUnit_Framework_TestCase
 
         $mod = rcube_utils::xss_entity_decode('#foo:after{content:"\003Cimg/src=x onerror=alert(2)>";}');
         $this->assertNotContains('<img', $mod, "Strip (encoded) tags from content property");
+
+        // #5747
+        $mod = rcube_utils::xss_entity_decode('<!-- #foo { content:css; } -->');
+        $this->assertContains('#foo', $mod, "Strip HTML comments from content, but not the content");
     }
 
     /**