From e521c1581b9d4d3a119c0af93f4ed6f289e8ac68 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Wed, 7 Jul 2021 13:36:06 -0700
Subject: [PATCH] CRM_Utils_JS::stripComments() - Mitigation for string which
 includes newline and comment

---
 CRM/Utils/JS.php                   | 4 ++++
 tests/phpunit/CRM/Utils/JSTest.php | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/CRM/Utils/JS.php b/CRM/Utils/JS.php
index 66c03e0f48..dbb5644a09 100644
--- a/CRM/Utils/JS.php
+++ b/CRM/Utils/JS.php
@@ -109,6 +109,10 @@ class CRM_Utils_JS {
    * @return string
    */
   public static function stripComments($script) {
+    // This function is a little naive, and some expressions may trip it up. Opt-out if anything smells fishy.
+    if (preg_match(';`\r?\n//;', $script)) {
+      return $script;
+    }
     return preg_replace("#^\\s*//[^\n]*$(?:\r\n|\n)?#m", "", $script);
   }
 
diff --git a/tests/phpunit/CRM/Utils/JSTest.php b/tests/phpunit/CRM/Utils/JSTest.php
index 56b758bc81..482d56c062 100644
--- a/tests/phpunit/CRM/Utils/JSTest.php
+++ b/tests/phpunit/CRM/Utils/JSTest.php
@@ -177,6 +177,12 @@ class CRM_Utils_JSTest extends CiviUnitTestCase {
       "alert('//# sourceMappingURL=../foo/bar/baz.js');\n//zoop\na();",
       "alert('//# sourceMappingURL=../foo/bar/baz.js');\na();",
     ];
+    $cases[] = [
+      // Quoted code-template which includes comment on newline. The '//' is part of the string.
+      // Ex: bower_components/monaco-editor/min/vs/loader.js @ ~v0.25
+      "var tpl=`\r\n//quoted comment`;",
+      "var tpl=`\r\n//quoted comment`;",
+    ];
     return $cases;
   }
 
-- 
2.25.1