diff --git a/lib/saxes.js b/lib/saxes.js index 7a06a718..2493ec0f 100644 --- a/lib/saxes.js +++ b/lib/saxes.js @@ -672,6 +672,9 @@ class SAXParser { if (c === "&") { this.state = S_ATTRIB_VALUE_ENTITY_Q; } + else if (c === "<") { + this.fail("Invalid character."); + } else { this.attribValue += c; } @@ -712,6 +715,9 @@ class SAXParser { if (c === "&") { this.state = S_ATTRIB_VALUE_ENTITY_U; } + else if (c === "<") { + this.fail("Invalid character."); + } else { this.attribValue += c; }