105 lines
4.5 KiB
Diff
105 lines
4.5 KiB
Diff
From e03590c9adfed2856866b5b1edaaf339b4523913 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Tue, 8 Feb 2022 02:42:30 +0100
|
|
Subject: [PATCH 3/3] Don't add IDs containing unexpanded entity references
|
|
|
|
When parsing without entity substitution, IDs or IDREFs containing
|
|
unexpanded entity reference like "abc&x;def" could be created. We could
|
|
try to expand these entities like in validation mode, but it seems
|
|
safer to honor the request not to expand entities. We silently ignore
|
|
such IDs for now.
|
|
---
|
|
SAX2.c | 41 ++++++++++++++++++++++-------------------
|
|
1 file changed, 22 insertions(+), 19 deletions(-)
|
|
|
|
diff --git a/SAX2.c b/SAX2.c
|
|
index edfb06f3..ae6181c4 100644
|
|
--- a/SAX2.c
|
|
+++ b/SAX2.c
|
|
@@ -1368,7 +1368,12 @@ xmlSAX2AttributeInternal(void *ctx, const xmlChar *fullname,
|
|
#endif /* LIBXML_VALID_ENABLED */
|
|
if (((ctxt->loadsubset & XML_SKIP_IDS) == 0) &&
|
|
(((ctxt->replaceEntities == 0) && (ctxt->external != 2)) ||
|
|
- ((ctxt->replaceEntities != 0) && (ctxt->inSubset == 0)))) {
|
|
+ ((ctxt->replaceEntities != 0) && (ctxt->inSubset == 0))) &&
|
|
+ /* Don't create IDs containing entity references */
|
|
+ (ret->children != NULL) &&
|
|
+ (ret->children->type == XML_TEXT_NODE) &&
|
|
+ (ret->children->next == NULL)) {
|
|
+ xmlChar *content = ret->children->content;
|
|
/*
|
|
* when validating, the ID registration is done at the attribute
|
|
* validation level. Otherwise we have to do specific handling here.
|
|
@@ -1379,16 +1384,16 @@ xmlSAX2AttributeInternal(void *ctx, const xmlChar *fullname,
|
|
*
|
|
* Open issue: normalization of the value.
|
|
*/
|
|
- if (xmlValidateNCName(value, 1) != 0) {
|
|
+ if (xmlValidateNCName(content, 1) != 0) {
|
|
xmlErrValid(ctxt, XML_DTD_XMLID_VALUE,
|
|
"xml:id : attribute value %s is not an NCName\n",
|
|
- (const char *) value, NULL);
|
|
+ (const char *) content, NULL);
|
|
}
|
|
- xmlAddID(&ctxt->vctxt, ctxt->myDoc, value, ret);
|
|
+ xmlAddID(&ctxt->vctxt, ctxt->myDoc, content, ret);
|
|
} else if (xmlIsID(ctxt->myDoc, ctxt->node, ret))
|
|
- xmlAddID(&ctxt->vctxt, ctxt->myDoc, value, ret);
|
|
+ xmlAddID(&ctxt->vctxt, ctxt->myDoc, content, ret);
|
|
else if (xmlIsRef(ctxt->myDoc, ctxt->node, ret))
|
|
- xmlAddRef(&ctxt->vctxt, ctxt->myDoc, value, ret);
|
|
+ xmlAddRef(&ctxt->vctxt, ctxt->myDoc, content, ret);
|
|
}
|
|
|
|
error:
|
|
@@ -2121,7 +2126,12 @@ xmlSAX2AttributeNs(xmlParserCtxtPtr ctxt,
|
|
#endif /* LIBXML_VALID_ENABLED */
|
|
if (((ctxt->loadsubset & XML_SKIP_IDS) == 0) &&
|
|
(((ctxt->replaceEntities == 0) && (ctxt->external != 2)) ||
|
|
- ((ctxt->replaceEntities != 0) && (ctxt->inSubset == 0)))) {
|
|
+ ((ctxt->replaceEntities != 0) && (ctxt->inSubset == 0))) &&
|
|
+ /* Don't create IDs containing entity references */
|
|
+ (ret->children != NULL) &&
|
|
+ (ret->children->type == XML_TEXT_NODE) &&
|
|
+ (ret->children->next == NULL)) {
|
|
+ xmlChar *content = ret->children->content;
|
|
/*
|
|
* when validating, the ID registration is done at the attribute
|
|
* validation level. Otherwise we have to do specific handling here.
|
|
@@ -2134,27 +2144,20 @@ xmlSAX2AttributeNs(xmlParserCtxtPtr ctxt,
|
|
*
|
|
* Open issue: normalization of the value.
|
|
*/
|
|
- if (dup == NULL)
|
|
- dup = xmlStrndup(value, valueend - value);
|
|
#if defined(LIBXML_SAX1_ENABLED) || defined(LIBXML_HTML_ENABLED) || defined(LIBXML_WRITER_ENABLED) || defined(LIBXML_DOCB_ENABLED) || defined(LIBXML_LEGACY_ENABLED)
|
|
#ifdef LIBXML_VALID_ENABLED
|
|
- if (xmlValidateNCName(dup, 1) != 0) {
|
|
+ if (xmlValidateNCName(content, 1) != 0) {
|
|
xmlErrValid(ctxt, XML_DTD_XMLID_VALUE,
|
|
"xml:id : attribute value %s is not an NCName\n",
|
|
- (const char *) dup, NULL);
|
|
+ (const char *) content, NULL);
|
|
}
|
|
#endif
|
|
#endif
|
|
- xmlAddID(&ctxt->vctxt, ctxt->myDoc, dup, ret);
|
|
+ xmlAddID(&ctxt->vctxt, ctxt->myDoc, content, ret);
|
|
} else if (xmlIsID(ctxt->myDoc, ctxt->node, ret)) {
|
|
- /* might be worth duplicate entry points and not copy */
|
|
- if (dup == NULL)
|
|
- dup = xmlStrndup(value, valueend - value);
|
|
- xmlAddID(&ctxt->vctxt, ctxt->myDoc, dup, ret);
|
|
+ xmlAddID(&ctxt->vctxt, ctxt->myDoc, content, ret);
|
|
} else if (xmlIsRef(ctxt->myDoc, ctxt->node, ret)) {
|
|
- if (dup == NULL)
|
|
- dup = xmlStrndup(value, valueend - value);
|
|
- xmlAddRef(&ctxt->vctxt, ctxt->myDoc, dup, ret);
|
|
+ xmlAddRef(&ctxt->vctxt, ctxt->myDoc, content, ret);
|
|
}
|
|
}
|
|
if (dup != NULL)
|
|
--
|
|
2.27.0
|
|
|