From 3fbc735b000f34a1d27b5f7de2e0d3dc3533c1d5 Mon Sep 17 00:00:00 2001
From: Evan Wallace <evan.exe@gmail.com>
Date: Sun, 8 Aug 2021 06:45:35 -0400
Subject: [PATCH] avoid printing "</style" in CSS code (#1509)

---
 CHANGELOG.md                             | 25 ++++++++++++++++++++++++
 internal/css_printer/css_printer.go      |  7 +++++++
 internal/css_printer/css_printer_test.go |  5 +++++
 internal/js_printer/js_printer.go        |  1 +
 4 files changed, 38 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 28d21963026..c3bc0035f43 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,30 @@
 # Changelog
 
+## Unreleased
+
+* Avoid the sequence `</style` in CSS output ([#1509](https://github.com/evanw/esbuild/issues/1509))
+
+    The CSS code generator now avoids generating the character sequence `</style` in case you want to embed the CSS output in a `<style>...</style>` tag inside HTML:
+
+    ```css
+    /* Original code */
+    a:after {
+      content: "</style>";
+    }
+
+    /* Old output */
+    a:after {
+      content: "</style>";
+    }
+
+    /* New output */
+    a:after {
+      content: "<\/style>";
+    }
+    ```
+
+    This mirrors how the JS code generator similarly avoids the character sequence `</script`.
+
 ## 0.12.19
 
 * Add support for CSS source maps ([#519](https://github.com/evanw/esbuild/issues/519))
diff --git a/internal/css_printer/css_printer.go b/internal/css_printer/css_printer.go
index 3694d3abad6..468554d904a 100644
--- a/internal/css_printer/css_printer.go
+++ b/internal/css_printer/css_printer.go
@@ -2,6 +2,7 @@ package css_printer
 
 import (
 	"fmt"
+	"strings"
 	"unicode/utf8"
 
 	"github.com/evanw/esbuild/internal/ast"
@@ -485,6 +486,12 @@ func (p *printer) printQuotedWithQuote(text string, quote byte) {
 				escape = escapeBackslash
 			}
 
+		case '/':
+			// Avoid generating the sequence "</style" in CSS code
+			if i >= 1 && text[i-1] == '<' && strings.HasPrefix(text[i+1:], "style") {
+				escape = escapeBackslash
+			}
+
 		default:
 			if (p.options.ASCIIOnly && c >= 0x80) || c == '\uFEFF' {
 				escape = escapeHex
diff --git a/internal/css_printer/css_printer_test.go b/internal/css_printer/css_printer_test.go
index 9f5a0ad697e..d1964e890a8 100644
--- a/internal/css_printer/css_printer_test.go
+++ b/internal/css_printer/css_printer_test.go
@@ -86,6 +86,11 @@ func TestStringQuote(t *testing.T) {
 	expectPrintedString(t, "f\nG", "\"f\\aG\"")
 	expectPrintedString(t, "f\x01o", "\"f\x01o\"")
 	expectPrintedString(t, "f\to", "\"f\to\"")
+
+	expectPrintedString(t, "</script>", "\"</script>\"")
+	expectPrintedString(t, "</style>", "\"<\\/style>\"")
+	expectPrintedString(t, "</style", "\"<\\/style\"")
+	expectPrintedString(t, ">/style", "\">/style\"")
 }
 
 func TestURLQuote(t *testing.T) {
diff --git a/internal/js_printer/js_printer.go b/internal/js_printer/js_printer.go
index 2603447b7b2..9569943b6b9 100644
--- a/internal/js_printer/js_printer.go
+++ b/internal/js_printer/js_printer.go
@@ -216,6 +216,7 @@ func (p *printer) printUnquotedUTF16(text []uint16, quote rune) {
 			js = append(js, "\\\\"...)
 
 		case '/':
+			// Avoid generating the sequence "</script" in JS code
 			if i >= 2 && text[i-2] == '<' && i+6 <= len(text) && js_lexer.UTF16EqualsString(text[i:i+6], "script") {
 				js = append(js, '\\')
 			}