Fix invalid XML entity handling in attributes

kasthack · kasthack · commit 2107f77c334b · 2019-07-31T15:09:11.000+03:00
diff --git a/src/AngleSharp.Xml.Tests/Tokenizer/XmlTokenization.cs b/src/AngleSharp.Xml.Tests/Tokenizer/XmlTokenization.cs
@@ -182,5 +182,34 @@ public void XmlTokenizerTagWithAttributeContainingEntity()
             Assert.AreEqual("bar", foo.Attributes[0].Key);
             Assert.AreEqual("\"quz\"", foo.Attributes[0].Value);
         }
+
+        [Test]
+        public void XmlTokenizerTagWithInvalidReferenceThrows()
+        {
+            var s = new TextSource("<foo bar=\"&#34\" baz=\"123\"/>");
+            var t = CreateTokenizer(s);
+            t.IsSuppressingErrors = false;
+            Assert.Throws<XmlParseException>(() => t.Get());
+        }
+
+
+        [Test]
+        public void XmlTokenizerTagWithInvalidReferenceSuppresses()
+        {
+            var s = new TextSource("<foo bar=\"&#34\" baz=\"123\">");
+            var t = CreateTokenizer(s);
+            t.IsSuppressingErrors = true;
+            var foo = t.Get() as XmlTagToken;
+
+            Assert.IsNotNull(foo);
+            Assert.AreEqual(XmlTokenType.StartTag, foo.Type);
+            Assert.IsFalse(foo.IsSelfClosing);
+            Assert.AreEqual("foo", foo.Name);
+            Assert.AreEqual(2, foo.Attributes.Count);
+            Assert.AreEqual("bar", foo.Attributes[0].Key);
+            Assert.AreEqual("&#34", foo.Attributes[0].Value);
+            Assert.AreEqual("baz", foo.Attributes[1].Key);
+            Assert.AreEqual("123", foo.Attributes[1].Value);
+        }
     }
 }
diff --git a/src/AngleSharp.Xml/Parser/XmlTokenizer.cs b/src/AngleSharp.Xml/Parser/XmlTokenizer.cs
@@ -247,7 +247,23 @@ private String CharacterReference()
             if (!IsSuppressingErrors)
                 throw XmlParseError.CharacterReferenceNotTerminated.At(GetCurrentPosition());
 
-            StringBuffer.Insert(start, Symbols.Ampersand);
+            if (c == Symbols.DoubleQuote)
+            {
+                this.Back();
+            }
+
+            StringBuffer.Insert(start++, Symbols.Ampersand);
+
+            if (numeric)
+            {
+                StringBuffer.Insert(start++, Symbols.Num);
+            }
+
+            if (hex)
+            {
+                StringBuffer.Insert(start++, 'x');
+            }
+
             return String.Empty;
         }
 
