Disallow <! in <script>

Summary:
HTML5 has this crazy script escaping states:

- Script data escaped dash dash state
- Script data double escaped state

https://communities.coverity.com/blogs/security/2012/11/16/did-i-do-that-html-5-js-escapers-3

Perhaps `<!` is too aggressive but I didn't spend much time searching for a more fine grained expression.

Test Plan: Searched for `renderInlineScript()`.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D7329

src/applications/differential/controller/DifferentialRevisionViewController.php

@@ -51,6 +51,7 @@ final class DifferentialRevisionViewController extends DifferentialController {
     $diff_vs = $request->getInt('vs');
 
     $target_id = $request->getInt('id');
+    phlog($target_id);
     $target = idx($diffs, $target_id, end($diffs));
 
     $target_manual = $target;

src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php

@@ -89,6 +89,8 @@ final class DifferentialRevisionUpdateHistoryView extends AphrontView {
         $new = null;
       }
 
+      phlog($this->selectedVersusDiffID, $this->selectedDiffID);
+
       if ($max_id != $id) {
         $uniq = celerity_generate_unique_node_id();
         $old_checked = ($this->selectedVersusDiffID == $id);

src/infrastructure/celerity/CelerityStaticResourceResponse.php

@@ -193,6 +193,9 @@ final class CelerityStaticResourceResponse {
       throw new Exception(
         'Literal </script> is not allowed inside inline script.');
     }
+    if (strpos($data, '<!') !== false) {
+      throw new Exception('Literal <! is not allowed inside inline script.');
+    }
     return hsprintf(
       // We don't use <![CDATA[ ]]> because it is ignored by HTML parsers. We
       // would need to send the document with XHTML content type.