diff --git a/lib/saxes.js b/lib/saxes.js index 357b342b..64886589 100644 --- a/lib/saxes.js +++ b/lib/saxes.js @@ -1018,29 +1018,25 @@ class SAXParser { } parseEntity() { - let { entity } = this; + const { entity } = this; - if (this.ENTITIES[entity]) { - return this.ENTITIES[entity]; + const defined = this.ENTITIES[entity]; + if (defined) { + return defined; } - let num; - let numStr = ""; - entity = entity.toLowerCase(); + let num = NaN; if (entity[0] === "#") { - if (entity[1] === "x") { - entity = entity.slice(2); - num = parseInt(entity, 16); - numStr = num.toString(16); + if ((entity[1] === "x" || entity[1] === "X") && + /^#[x|X][0-9a-fA-F]+$/.test(entity)) { + num = parseInt(entity.slice(2), 16); } - else { - entity = entity.slice(1); - num = parseInt(entity); - numStr = num.toString(10); + else if (/^#[0-9]+$/.test(entity)) { + num = parseInt(entity.slice(1), 10); } } - entity = entity.replace(/^0+/, ""); - if (Number.isNaN(num) || numStr.toLowerCase() !== entity) { + + if (Number.isNaN(num)) { this.fail("Invalid character entity"); return `&${this.entity};`; } diff --git a/test/bad-entities.js b/test/bad-entities.js new file mode 100644 index 00000000..30a534fd --- /dev/null +++ b/test/bad-entities.js @@ -0,0 +1,37 @@ +"use strict"; + +require(".").test({ + name: "empty entity", + xml: "&;", + expect: [ + ["opentagstart", { name: "r", attributes: {} }], + ["opentag", { name: "r", attributes: {}, isSelfClosing: false }], + ["error", "Invalid character entity\nLine: 0\nColumn: 5\nChar: ;"], + ["text", "&;"], + ["closetag", "r"], + ], +}); + +require(".").test({ + name: "empty decimal entity", + xml: "&#;", + expect: [ + ["opentagstart", { name: "r", attributes: {} }], + ["opentag", { name: "r", attributes: {}, isSelfClosing: false }], + ["error", "Invalid character entity\nLine: 0\nColumn: 6\nChar: ;"], + ["text", "&#;"], + ["closetag", "r"], + ], +}); + +require(".").test({ + name: "empty hex entity", + xml: "&#x;", + expect: [ + ["opentagstart", { name: "r", attributes: {} }], + ["opentag", { name: "r", attributes: {}, isSelfClosing: false }], + ["error", "Invalid character entity\nLine: 0\nColumn: 7\nChar: ;"], + ["text", "&#x;"], + ["closetag", "r"], + ], +});