From 4fd67a17c00b89136eba1ef74fbba2ddc5508246 Mon Sep 17 00:00:00 2001 From: Louis-Dominique Dubeau Date: Thu, 5 Jul 2018 16:09:01 -0400 Subject: [PATCH] fix: raise an error on < in attribute values --- lib/saxes.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/saxes.js b/lib/saxes.js index 7a06a718..2493ec0f 100644 --- a/lib/saxes.js +++ b/lib/saxes.js @@ -672,6 +672,9 @@ class SAXParser { if (c === "&") { this.state = S_ATTRIB_VALUE_ENTITY_Q; } + else if (c === "<") { + this.fail("Invalid character."); + } else { this.attribValue += c; } @@ -712,6 +715,9 @@ class SAXParser { if (c === "&") { this.state = S_ATTRIB_VALUE_ENTITY_U; } + else if (c === "<") { + this.fail("Invalid character."); + } else { this.attribValue += c; }