diff --git a/lib/saxes.js b/lib/saxes.js
index 357b342b..64886589 100644
--- a/lib/saxes.js
+++ b/lib/saxes.js
@@ -1018,29 +1018,25 @@ class SAXParser {
}
parseEntity() {
- let { entity } = this;
+ const { entity } = this;
- if (this.ENTITIES[entity]) {
- return this.ENTITIES[entity];
+ const defined = this.ENTITIES[entity];
+ if (defined) {
+ return defined;
}
- let num;
- let numStr = "";
- entity = entity.toLowerCase();
+ let num = NaN;
if (entity[0] === "#") {
- if (entity[1] === "x") {
- entity = entity.slice(2);
- num = parseInt(entity, 16);
- numStr = num.toString(16);
+ if ((entity[1] === "x" || entity[1] === "X") &&
+ /^#[x|X][0-9a-fA-F]+$/.test(entity)) {
+ num = parseInt(entity.slice(2), 16);
}
- else {
- entity = entity.slice(1);
- num = parseInt(entity);
- numStr = num.toString(10);
+ else if (/^#[0-9]+$/.test(entity)) {
+ num = parseInt(entity.slice(1), 10);
}
}
- entity = entity.replace(/^0+/, "");
- if (Number.isNaN(num) || numStr.toLowerCase() !== entity) {
+
+ if (Number.isNaN(num)) {
this.fail("Invalid character entity");
return `&${this.entity};`;
}
diff --git a/test/bad-entities.js b/test/bad-entities.js
new file mode 100644
index 00000000..30a534fd
--- /dev/null
+++ b/test/bad-entities.js
@@ -0,0 +1,37 @@
+"use strict";
+
+require(".").test({
+ name: "empty entity",
+ xml: "&;",
+ expect: [
+ ["opentagstart", { name: "r", attributes: {} }],
+ ["opentag", { name: "r", attributes: {}, isSelfClosing: false }],
+ ["error", "Invalid character entity\nLine: 0\nColumn: 5\nChar: ;"],
+ ["text", "&;"],
+ ["closetag", "r"],
+ ],
+});
+
+require(".").test({
+ name: "empty decimal entity",
+ xml: "",
+ expect: [
+ ["opentagstart", { name: "r", attributes: {} }],
+ ["opentag", { name: "r", attributes: {}, isSelfClosing: false }],
+ ["error", "Invalid character entity\nLine: 0\nColumn: 6\nChar: ;"],
+ ["text", ""],
+ ["closetag", "r"],
+ ],
+});
+
+require(".").test({
+ name: "empty hex entity",
+ xml: "",
+ expect: [
+ ["opentagstart", { name: "r", attributes: {} }],
+ ["opentag", { name: "r", attributes: {}, isSelfClosing: false }],
+ ["error", "Invalid character entity\nLine: 0\nColumn: 7\nChar: ;"],
+ ["text", ""],
+ ["closetag", "r"],
+ ],
+});