Validate XML numeric character references before string construction

Yuki Matsuhashi
2026-03-24 03:55:29 +09:00
parent b959027aa2
commit 1877069780
3 changed files with 40 additions and 1 deletions
+3
@@ -167,6 +167,9 @@ public class XMLTokener extends JSONTokener {
int cp = (e.charAt(1) == 'x' || e.charAt(1) == 'X')
? parseHexEntity(e)
: parseDecimalEntity(e);
if (XML.mustEscape(cp)) {
throw new JSONException("Invalid numeric character reference: &#" + e.substring(1) + ";");
}
return new String(new int[] {cp}, 0, 1);
}
Character knownEntity = entity.get(e);
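Review bot: Reusing `XML.mustEscape(cp)` as the validity test in the added `if` ties input validation to a predicate whose name says "needs escaping on output"; its body is not in this hunk, so it is worth confirming that it matches the XML 1.0 Char production exactly. If it also returns true for the C1 control range (0x7F–0x9F), legal references such as `&#x85;` would now be rejected with a JSONException. A short comment above the check would make the intent explicit, e.g. `// Reject code points outside the XML Char range; new String(int[], 0, 1) would throw IllegalArgumentException on an invalid one`. The message also echoes `e.substring(1)` unmodified, so callers that log it are writing input-controlled text of whatever length the tokener accepted. The enclosing method starts and ends outside the hunk.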