From 58c2ff5ed98a1c6231f0101de5b0d9ed65e72c4e Mon Sep 17 00:00:00 2001
From: Yutaka Yamaguchi <yyamaguchi@sixapart.com>
Date: Fri, 27 Mar 2015 20:39:06 +0900
Subject: [PATCH] fix(ngSanitize): use the smallest match on searching end tags

ngSanitize searches the string of the end tag with the longest match.
So it removes all of the HTML strings between script elements.
We should use the smallest possible match.

Closes #11442
---
 src/ngSanitize/sanitize.js      | 2 +-
 test/ngSanitize/sanitizeSpec.js | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/ngSanitize/sanitize.js b/src/ngSanitize/sanitize.js
index 9240309c5b48..ae11a825d5d3 100644
--- a/src/ngSanitize/sanitize.js
+++ b/src/ngSanitize/sanitize.js
@@ -350,7 +350,7 @@ function htmlParser(html, handler) {
 
     } else {
       // IE versions 9 and 10 do not understand the regex '[^]', so using a workaround with [\W\w].
-      html = html.replace(new RegExp("([\\W\\w]*)<\\s*\\/\\s*" + stack.last() + "[^>]*>", 'i'),
+      html = html.replace(new RegExp("([\\W\\w]*?)<\\s*\\/\\s*" + stack.last() + "[^>]*>", 'i'),
         function(all, text) {
           text = text.replace(COMMENT_REGEXP, "$1").replace(CDATA_REGEXP, "$1");
 
diff --git a/test/ngSanitize/sanitizeSpec.js b/test/ngSanitize/sanitizeSpec.js
index 33d036c97efc..fe7f83cf98a7 100644
--- a/test/ngSanitize/sanitizeSpec.js
+++ b/test/ngSanitize/sanitizeSpec.js
@@ -176,6 +176,10 @@ describe('HTML', function() {
     expectHTML('a<SCRIPT>ev<script>evil</sCript>il</scrIpt>c.').toEqual('ac.');
   });
 
+  it('should not remove elements between script elements', function() {
+    expectHTML('a<script>ev</script>b<script>il</script>c.').toEqual('abc.');
+  });
+
   it('should remove unknown  names', function() {
     expectHTML('a<xxx><B>b</B></xxx>c').toEqual('a<b>b</b>c');
   });