From e8b4befd1ee7aa6a7816bc080c2483343d603347 Mon Sep 17 00:00:00 2001
From: Oliver Schmidt <ol.sc@web.de>
Date: Sun, 7 Jun 2015 00:23:44 +0200
Subject: [PATCH] Further improved parsing of <SCRIPT> tag.

Script code may contain a '<' as part of a equation. We erroneously interpreted that as start of a tag. Now we check for the very next char to be a '/' as the only tag allowed is the </SCRIPT> tag.
---
 apps/webbrowser/htmlparser.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/apps/webbrowser/htmlparser.c b/apps/webbrowser/htmlparser.c
index 020fc513b..5e606d08e 100644
--- a/apps/webbrowser/htmlparser.c
+++ b/apps/webbrowser/htmlparser.c
@@ -367,6 +367,8 @@ parse_tag(void)
   static unsigned char size;
 
   tag = find_tag(s.tag);
+  /* If we are inside a <script> we mustn't interpret any tags
+     (inside JavaScript strings) but wait for the </script>. */
   if(s.majorstate == MAJORSTATE_SCRIPT && tag != TAG_SLASHSCRIPT) {
     return;
   }
@@ -562,6 +564,15 @@ parse_word(char *data, uint8_t dlen)
     }
     break;
   case MINORSTATE_TAG:
+    /* If we are inside a <srcipt> we mustn't mistake a JavaScript
+       equation with a '<' as a tag. So we check for the very next
+       character to be a '/' as we're only interested in parsing
+       the </script>. */
+    if(s.majorstate == MAJORSTATE_SCRIPT && data[0] != ISO_slash) {
+      s.minorstate = MINORSTATE_TEXT;
+      break;
+    }
+
     /* We are currently parsing within the name of a tag. We check
        for the end of a tag (the '>' character) or whitespace (which
        indicates that we should parse a tag attr argument