fix: correctly remove JavaScript // comments without breaking code

renatomarinho · renatomarinho · commit 8747d4bc76e1 · 2025-10-24T21:43:33.000+01:00
- Fix RemoveComments middleware to preserve // inside strings
- Implement character-by-character parser for single-line comments
- Add comprehensive test suite for edge cases
- Fix issue where comments after strings caused code to break
- Preserve URLs with // (http://, https://)
- Maintain line ending styles (\r\n, \n, \r)

Tests added:
- JavaScriptCommentsBugTest: Tests for reported bug scenarios
- EdgeCaseCommentsTest: Edge cases (strings, regex, URLs)
- Enhanced existing tests with new assertions

All 41 tests passing with 183 assertions.

Fixes issue where // comments were incorrectly removed from inside
strings, causing JavaScript to break when combined with
CollapseWhitespace middleware.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -17,7 +17,7 @@ updates:
       include: "scope"
     versioning-strategy: increase
     target-branch: "develop"
-    
+
   # Enable version updates for GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -1,38 +1,38 @@
 name: Auto Merge
 
 on:
-  pull_request:
-    types: [opened, synchronize, reopened, labeled]
-  pull_request_review:
-    types: [submitted]
+    pull_request:
+        types: [opened, synchronize, reopened, labeled]
+    pull_request_review:
+        types: [submitted]
 
 permissions:
-  contents: write
-  pull-requests: write
+    contents: write
+    pull-requests: write
 
 jobs:
-  auto-merge:
-    name: Auto Merge Dependabot PRs
-    runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
-    
-    steps:
-      - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v2
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      
-      - name: Enable auto-merge for Dependabot PRs
-        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
-        run: gh pr merge --auto --squash "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      
-      - name: Approve patch and minor updates
-        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
-        run: gh pr review --approve "$PR_URL"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    auto-merge:
+        name: Auto Merge Dependabot PRs
+        runs-on: ubuntu-latest
+        if: github.actor == 'dependabot[bot]'
+
+        steps:
+            - name: Dependabot metadata
+              id: metadata
+              uses: dependabot/fetch-metadata@v2
+              with:
+                  github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+            - name: Enable auto-merge for Dependabot PRs
+              if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+              run: gh pr merge --auto --squash "$PR_URL"
+              env:
+                  PR_URL: ${{ github.event.pull_request.html_url }}
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Approve patch and minor updates
+              if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
+              run: gh pr review --approve "$PR_URL"
+              env:
+                  PR_URL: ${{ github.event.pull_request.html_url }}
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -15,7 +15,7 @@ jobs:
         name: Validate PR
         runs-on: ubuntu-latest
         if: github.event.pull_request.draft == false
-        
+
         steps:
             - name: Checkout code
               uses: actions/checkout@v4
@@ -83,16 +83,16 @@ jobs:
                       } catch (e) {
                           console.log('Could not read coverage');
                       }
-                      
+
                       const body = `## 🔍 Pull Request Validation Results
-                      
+
                       - ✅ **Code Style**: PSR-2 compliant
                       - ✅ **Tests**: All passing
                       - 📊 **Coverage**: ${coverage}
                       - 🚀 **Ready to merge**
-                      
+
                       *Automated validation by GitHub Actions*`;
-                      
+
                       github.rest.issues.createComment({
                           issue_number: context.issue.number,
                           owner: context.repo.owner,
diff --git a/src/Middleware/RemoveComments.php b/src/Middleware/RemoveComments.php
@@ -4,17 +4,146 @@
 
 class RemoveComments extends PageSpeed
 {
-    const REGEX_MATCH_JS_AND_CSS_COMMENTS = '/(?:(?:\/\*(?:[^*]|(?:\*+[^*\/]))*\*+\/)|(?:(?<!\:|\\\|\'|\")\/\/.*))/';
+    const REGEX_MATCH_MULTILINE_COMMENTS = '/\/\*(?:[^*]|(?:\*+[^*\/]))*\*+\//';
     const REGEX_MATCH_HTML_COMMENTS = '/<!--[^]><!\[](.*?)[^\]]-->/s';
 
     public function apply($buffer)
     {
-        $buffer = $this->replaceInsideHtmlTags(['script', 'style'], self::REGEX_MATCH_JS_AND_CSS_COMMENTS, '', $buffer);
+        // First, remove multi-line comments (/* ... */)
+        $buffer = $this->replaceInsideHtmlTags(['script', 'style'], self::REGEX_MATCH_MULTILINE_COMMENTS, '', $buffer);
+        
+        // Then, remove single-line comments (//) more carefully
+        $buffer = $this->removeSingleLineComments($buffer);
 
         $replaceHtmlRules = [
             self::REGEX_MATCH_HTML_COMMENTS => '',
         ];
 
         return $this->replace($replaceHtmlRules, $buffer);
     }
+    
+    /**
+     * Remove single-line comments (//) from script tags while preserving them inside strings
+     * 
+     * @param string $buffer
+     * @return string
+     */
+    protected function removeSingleLineComments($buffer)
+    {
+        foreach ($this->matchAllHtmlTag(['script', 'style'], $buffer) as $tagMatched) {
+            $tagAfterReplace = $this->removeCommentsFromTag($tagMatched);
+            $buffer = str_replace($tagMatched, $tagAfterReplace, $buffer);
+        }
+        
+        return $buffer;
+    }
+    
+    /**
+     * Remove // comments from a script/style tag content
+     * 
+     * @param string $tag
+     * @return string
+     */
+    protected function removeCommentsFromTag($tag)
+    {
+        // Detect line ending style
+        $lineEnding = "\n";
+        if (strpos($tag, "\r\n") !== false) {
+            $lineEnding = "\r\n";
+        } elseif (strpos($tag, "\r") !== false) {
+            $lineEnding = "\r";
+        }
+        
+        // Split by lines to process each line
+        $lines = preg_split('/\r\n|\r|\n/', $tag);
+        $processedLines = [];
+        
+        foreach ($lines as $line) {
+            $processedLines[] = $this->removeSingleLineCommentFromLine($line);
+        }
+        
+        return implode($lineEnding, $processedLines);
+    }
+    
+    /**
+     * Remove // comment from a single line while preserving // inside strings
+     * 
+     * @param string $line
+     * @return string
+     */
+    protected function removeSingleLineCommentFromLine($line)
+    {
+        $result = '';
+        $length = strlen($line);
+        $inSingleQuote = false;
+        $inDoubleQuote = false;
+        $inRegex = false;
+        $escaped = false;
+        
+        for ($i = 0; $i < $length; $i++) {
+            $char = $line[$i];
+            $nextChar = $i + 1 < $length ? $line[$i + 1] : '';
+            $prevChar = $i > 0 ? $line[$i - 1] : '';
+            
+            // Handle escape sequences
+            if ($escaped) {
+                $result .= $char;
+                $escaped = false;
+                continue;
+            }
+            
+            if ($char === '\\' && ($inSingleQuote || $inDoubleQuote || $inRegex)) {
+                $result .= $char;
+                $escaped = true;
+                continue;
+            }
+            
+            // Toggle quote states
+            if ($char === '"' && !$inSingleQuote && !$inRegex) {
+                $inDoubleQuote = !$inDoubleQuote;
+                $result .= $char;
+                continue;
+            }
+            
+            if ($char === "'" && !$inDoubleQuote && !$inRegex) {
+                $inSingleQuote = !$inSingleQuote;
+                $result .= $char;
+                continue;
+            }
+            
+            // Handle regex literals (basic detection)
+            if ($char === '/' && !$inSingleQuote && !$inDoubleQuote) {
+                // Check if this might be a regex literal
+                // Simple heuristic: regex usually comes after =, (, [, ,, return, or at start
+                if ($prevChar === '=' || $prevChar === '(' || $prevChar === '[' || $prevChar === ',' || $prevChar === ' ') {
+                    // Look ahead to see if this looks like a regex (not a comment)
+                    if ($nextChar !== '/' && $nextChar !== '*') {
+                        $inRegex = true;
+                        $result .= $char;
+                        continue;
+                    }
+                }
+                
+                // End of regex literal
+                if ($inRegex) {
+                    $inRegex = false;
+                    $result .= $char;
+                    continue;
+                }
+            }
+            
+            // Check for // comment outside of strings
+            if (!$inSingleQuote && !$inDoubleQuote && !$inRegex && $char === '/' && $nextChar === '/') {
+                // Check if this is not part of a URL (preceded by :)
+                if ($prevChar !== ':') {
+                    // Found a comment, remove everything from here to end of line
+                    break;
+                }
+            }
+            
+            $result .= $char;
+        }
+        
+        return $result;
+    }
 }
diff --git a/tests/Boilerplate/index.html b/tests/Boilerplate/index.html
@@ -87,6 +87,9 @@ <h1>Test Background Image</h1>
             */
             console.log('Page');
             /* before - inline comment*/console.log('Speed!');// after - inline comment
+            var url = "http://example.com"; // This comment should be removed
+            var text = "Some text"; // This comment should also be removed
+            console.log('Important code'); // Don't break this
         </script>
 
         <script src="https://github.com/vinkius-labs/laravel-page-speed/test/Boilerplate/js/vendor/modernizr-3.5.0.min.js"></script>
diff --git a/tests/Middleware/CollapseWhitespaceTest.php b/tests/Middleware/CollapseWhitespaceTest.php
@@ -39,8 +39,29 @@ public function test_collapse_whitespace(): void
         $this->assertSame($compress, trim($partial[0]));
 
         $this->assertStringContainsString(
-            "<script> console.log('Laravel'); console.log('Page'); console.log('Speed!'); </script>",
+            "<script> console.log('Laravel'); console.log('Page'); console.log('Speed!'); var url = \"http://example.com\"; var text = \"Some text\"; console.log('Important code'); </script>",
             $this->response->getContent()
         );
     }
+    
+    public function test_javascript_not_broken_by_comment_removal_and_whitespace_collapse(): void
+    {
+        // This test ensures that when comments are removed and whitespace is collapsed,
+        // the JavaScript code remains functional and nothing is accidentally commented out
+        $content = $this->response->getContent();
+        
+        // Ensure all expected JavaScript statements are present
+        $this->assertStringContainsString("console.log('Laravel');", $content);
+        $this->assertStringContainsString("console.log('Page');", $content);
+        $this->assertStringContainsString("console.log('Speed!');", $content);
+        $this->assertStringContainsString('var url = "http://example.com";', $content);
+        $this->assertStringContainsString('var text = "Some text";', $content);
+        $this->assertStringContainsString("console.log('Important code');", $content);
+        
+        // Ensure comments are removed
+        $this->assertStringNotContainsString("// This comment should be removed", $content);
+        $this->assertStringNotContainsString("// This comment should also be removed", $content);
+        $this->assertStringNotContainsString("// Don't break this", $content);
+        $this->assertStringNotContainsString("// Single Line Comment", $content);
+    }
 }
diff --git a/tests/Middleware/EdgeCaseCommentsTest.php b/tests/Middleware/EdgeCaseCommentsTest.php
diff --git a/tests/Middleware/JavaScriptCommentsBugTest.php b/tests/Middleware/JavaScriptCommentsBugTest.php
diff --git a/tests/Middleware/RemoveCommentsTest.php b/tests/Middleware/RemoveCommentsTest.php
