Merge pull request from GHSA-gpv5-7x3g-ghjv

juliangilbey · Julian Gilbey · web-flow · commit 9a880b887916 · 2023-06-13T17:12:22.000+05:30
Co-authored-by: Julian Gilbey &lt;jdg@debian.org&gt;
diff --git a/spec/entities_spec.js b/spec/entities_spec.js
@@ -376,6 +376,7 @@ describe("XMLParser Entities", function() {
 
         expect(result).toEqual(expected);
     });
+
     it("should throw error if an entity name contains special char", function() {
         const xmlData = `
         <?xml version="1.0" encoding="UTF-8"?>
@@ -392,7 +393,48 @@ describe("XMLParser Entities", function() {
         expect(() =>{
             const parser = new XMLParser(options);
             parser.parse(xmlData);
-        }).toThrowError("Invalid character $ in entity name")
+        }).toThrowError("Invalid entity name nj$")
+    });
+
+    it("should allow localised entity names", function() {
+        const xmlData = `
+        <?xml version="1.0" encoding="UTF-8"?>
+
+        <!DOCTYPE note [
+        <!ENTITY ሀሎ "Amharic hello!">
+        <!ENTITY Здраво "Macedonian hello.">
+        ]>
+
+        <note>
+            <heading>Reminder</heading>
+            <body attr="&ሀሎ;">Don't forget me this weekend! &Здраво;</body>
+        </note> `;
+
+        const expected = {
+            "?xml": {
+                "version": "1.0",
+                "encoding": "UTF-8"
+            },
+            "note": {
+                "heading": "Reminder",
+                "body": {
+                    "#text": "Don't forget me this weekend! Macedonian hello.",
+                    "attr": "Amharic hello!"
+                }
+            }
+        };
+
+        const options = {
+            attributeNamePrefix: "",
+            ignoreAttributes:    false,
+            processEntities: true,
+            htmlEntities: true
+        };
+        const parser = new XMLParser(options);
+        let result = parser.parse(xmlData);
+        // console.log(JSON.stringify(result,null,4));
+
+        expect(result).toEqual(expected);
     });
 });
 
diff --git a/src/xmlparser/DocTypeReader.js b/src/xmlparser/DocTypeReader.js
@@ -1,3 +1,5 @@
+const util = require('../util');
+
 //TODO: handle comments
 function readDocType(xmlData, i){
     
@@ -145,11 +147,10 @@ function isNotation(xmlData, i){
 const specialChar = "!?\\\/[]$%{}^&*()<>|+";
 
 function validateEntityName(name){
-    for (let i = 0; i < specialChar.length; i++) {
-        const ch = specialChar[i];
-        if(name.indexOf(ch) !== -1) throw new Error(`Invalid character ${ch} in entity name`);
-    }
-    return name;
+    if (util.isName(name))
+	return name;
+    else
+        throw new Error(`Invalid entity name ${name}`);
 }
 
-module.exports = readDocType;
+module.exports = readDocType;
