Merge pull request #8 from kasthack/feature/issue-8-invalid-entity-handling

FlorianRappl · web-flow · commit 4714c2b28525 · 2019-07-31T20:03:12.000+02:00
Fix invalid XML entity handling in attributes / #9 fix
diff --git a/src/AngleSharp.Xml.Tests/Tokenizer/XmlTokenization.cs b/src/AngleSharp.Xml.Tests/Tokenizer/XmlTokenization.cs
@@ -183,6 +183,35 @@ public void XmlTokenizerTagWithAttributeContainingEntity()
             Assert.AreEqual("\"quz\"", foo.Attributes[0].Value);
         }
 
+        [Test]
+        public void XmlTokenizerTagWithInvalidReferenceThrows()
+        {
+            var s = new TextSource("<foo bar=\"&#34\" baz=\"123\"/>");
+            var t = CreateTokenizer(s);
+            t.IsSuppressingErrors = false;
+            Assert.Throws<XmlParseException>(() => t.Get());
+        }
+
+
+        [Test]
+        public void XmlTokenizerTagWithInvalidReferenceSuppresses()
+        {
+            var s = new TextSource("<foo bar=\"&#34\" baz=\"123\">");
+            var t = CreateTokenizer(s);
+            t.IsSuppressingErrors = true;
+            var foo = t.Get() as XmlTagToken;
+
+            Assert.IsNotNull(foo);
+            Assert.AreEqual(XmlTokenType.StartTag, foo.Type);
+            Assert.IsFalse(foo.IsSelfClosing);
+            Assert.AreEqual("foo", foo.Name);
+            Assert.AreEqual(2, foo.Attributes.Count);
+            Assert.AreEqual("bar", foo.Attributes[0].Key);
+            Assert.AreEqual("&#34", foo.Attributes[0].Value);
+            Assert.AreEqual("baz", foo.Attributes[1].Key);
+            Assert.AreEqual("123", foo.Attributes[1].Value);
+        }
+
         [Test]
         public void XmlTokenizerTagThrowsWithADiamond()
         {
diff --git a/src/AngleSharp.Xml/Parser/XmlTokenizer.cs b/src/AngleSharp.Xml/Parser/XmlTokenizer.cs
@@ -247,7 +247,23 @@ private String CharacterReference()
             if (!IsSuppressingErrors)
                 throw XmlParseError.CharacterReferenceNotTerminated.At(GetCurrentPosition());
 
-            StringBuffer.Insert(start, Symbols.Ampersand);
+            if (c == Symbols.DoubleQuote)
+            {
+                this.Back();
+            }
+
+            StringBuffer.Insert(start++, Symbols.Ampersand);
+
+            if (numeric)
+            {
+                StringBuffer.Insert(start++, Symbols.Num);
+            }
+
+            if (hex)
+            {
+                StringBuffer.Insert(start++, 'x');
+            }
+
             return String.Empty;
         }
 
