HTML 5's Tokenizer defines different states that can occur within a
<script> tag. If the value
<!-- is inserted, the tokenizer will be at the Script data escaped dash dash state. From here, one can insert
<script> and be at the Script data double escaped state. These states are respected by HTML 5 capable browser. If the state is changed without closing the state, a parse error ought to occur.
The escaper should be updated to Unicode escape PS, LS,
The bug can be seen on Spring's JIRA