icelam · icelam · Aug 5, 2022 · Aug 4, 2022
diff --git a/__tests__/HtmlInlineScriptPlugin.test.ts b/__tests__/HtmlInlineScriptPlugin.test.ts
@@ -13,6 +13,7 @@ import ignoreScriptsConfig from './cases/ignore-scripts/webpack.config';
 import ignoreHtmlsConfig from './cases/ignore-htmls/webpack.config';
 import ignoreScriptsAndHtmlsConfig from './cases/ignore-scripts-and-htmls/webpack.config';
 import filenameWithSpecialCharactersConfig from './cases/filename-with-special-characters/webpack.config';
+import escapeScriptTagEndConfig from './cases/escape-script-end-tag/webpack.config';

 describe('HtmlInlineScriptPlugin', () => {
  it('should build simple webpack config without error', async () => {
@@ -358,6 +359,38 @@ describe('HtmlInlineScriptPlugin', () => {
    await webpackPromise;
  });

+  it('should escape any "</script>" appears in source', async () => {
+    const webpackPromise = new Promise((resolve) => {
+      const compiler = webpack(escapeScriptTagEndConfig);
+
+      compiler.run((error, stats) => {
+        expect(error).toBeNull();
+
+        const statsErrors = stats?.compilation.errors;
+        expect(statsErrors?.length).toBe(0);
+
+        const result = fs.readFileSync(
+          path.join(__dirname, 'cases/escape-script-end-tag/dist/index.html'),
+          'utf8',
+        );
+
+        const expected = fs.readFileSync(
+          path.join(__dirname, 'cases/escape-script-end-tag/expected/index.html'),
+          'utf8',
+        );
+        expect(result).toBe(expected);
+
+        const expectedFileList = fs.readdirSync(path.join(__dirname, 'cases/escape-script-end-tag/expected/'));
+        const generatedFileList = fs.readdirSync(path.join(__dirname, 'cases/escape-script-end-tag/dist/'));
+        expect(expectedFileList.sort()).toEqual(generatedFileList.sort());
+
+        resolve(true);
+      });
+    });
+
+    await webpackPromise;
+  });
+
  it('should build throw error if options passed to plugin is old options format', async () => {
    const initializedPlugin = () => {
      // eslint-disable-next-line @typescript-eslint/no-explicit-any, no-new

diff --git a/__tests__/cases/escape-script-end-tag/expected/index.html b/__tests__/cases/escape-script-end-tag/expected/index.html
@@ -0,0 +1 @@
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><meta name="language" content="English"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="minimum-scale=1,initial-scale=1,width=device-width,shrink-to-fit=no"/><title>webpack test</title></head><body><p>This is minimal code to demonstrate webpack usage</p><script defer="defer">document.write('<script>console.log("Hello world");<\/script>'),document.write('<script>console.log("Goodbye world");<\/script>');</script></body></html>
diff --git a/__tests__/cases/escape-script-end-tag/fixtures/index.html b/__tests__/cases/escape-script-end-tag/fixtures/index.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <meta name="language" content="English" />
+    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+    <meta name="viewport" content="minimum-scale=1, initial-scale=1, width=device-width, shrink-to-fit=no" />
+    <title>webpack test</title>
+  </head>
+  <body>
+    <p>This is minimal code to demonstrate webpack usage</p>
+  </body>
+</html>
diff --git a/__tests__/cases/escape-script-end-tag/fixtures/index.js b/__tests__/cases/escape-script-end-tag/fixtures/index.js
@@ -0,0 +1,3 @@
+// eslint-disable-next-line no-console
+document.write('<script>console.log("Hello world");</script>');
+document.write('<script>console.log("Goodbye world");</script>');
diff --git a/__tests__/cases/escape-script-end-tag/webpack.config.ts b/__tests__/cases/escape-script-end-tag/webpack.config.ts
@@ -0,0 +1,22 @@
+import path from 'path';
+import type { Configuration } from 'webpack';
+import HtmlWebpackPlugin from 'html-webpack-plugin';
+import Self from '../../../dist';
+
+const config: Configuration = {
+  mode: 'production',
+  entry: path.join(__dirname, './fixtures/index.js'),
+  output: {
+    path: path.join(__dirname, './dist'),
+    filename: '[name].js'
+  },
+  plugins: [
+    new HtmlWebpackPlugin({
+      template: path.resolve(__dirname, './fixtures/index.html'),
+      inject: 'body'
+    }),
+    new Self()
+  ]
+};
+
+export default config;
diff --git a/src/HtmlInlineScriptPlugin.ts b/src/HtmlInlineScriptPlugin.ts
@@ -82,7 +82,8 @@ class HtmlInlineScriptPlugin implements WebpackPluginInstance {

    return {
      tagName: 'script',
-      innerHTML: asset.source() as string,
+      // escape '</script>' appears in source
+      innerHTML: (asset.source() as string).replace(/(<)(\/script>)/g, '\\x3C$2'),
      voidTag: false,
      attributes: attributesWithoutSrc,
      meta: { plugin: 'html-inline-script-webpack-plugin' }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><meta name="language" content="English"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="minimum-scale=1,initial-scale=1,width=device-width,shrink-to-fit=no"/><title>webpack test</title></head><body><p>This is minimal code to demonstrate webpack usage</p><script defer="defer">document.write('<script>console.log("Hello world");<\/script>'),document.write('<script>console.log("Goodbye world");<\/script>');</script></body></html>