Yuki Matsuhashi
1877069780
Validate XML numeric character references before string construction
2026-03-24 04:22:50 +09:00
OwenSanzas
6c1bfbc7a5
Refactor XMLTokener.unescapeEntity() to reduce complexity
...
Extracted hex and decimal parsing logic into separate methods to
address SonarQube complexity warning:
- parseHexEntity(): handles &#xABC; format
- parseDecimalEntity(): handles &#123; format
This reduces cyclomatic complexity while maintaining identical
functionality and all validation checks.
2026-01-28 09:52:25 +00:00
OwenSanzas
534ce3c4d1
Fix input validation in XMLTokener.unescapeEntity()
...
Fix StringIndexOutOfBoundsException and NumberFormatException in
XMLTokener.unescapeEntity() when parsing malformed XML numeric
character references.
Issues:
- &#; (empty numeric reference) caused StringIndexOutOfBoundsException
- &#txx; (invalid decimal) caused NumberFormatException
- &#xGGG; (invalid hex) caused NumberFormatException
Changes:
- Add length validation before accessing character positions
- Add isValidHex() and isValidDecimal() helper methods
- Throw proper JSONException with descriptive messages
Fixes #1035, Fixes #1036
2026-01-27 11:40:18 +00:00
Keaton Taylor
4d6de8c00a
Remove unused constructor and add comment above other constructor
2023-12-13 14:04:05 +02:00
Keaton Taylor
e430db40aa
Update XMLParserConfiguration to not be static and add a comment about the use of shouldTrimWhiteSpace
2023-11-30 10:05:54 +02:00
Keaton Taylor
30f5b2de79
Add a config flag to disable whitespace trimming
2023-11-20 17:50:22 +02:00
stleary
6daabb43ab
update-copyright - Replace copyright and license restrictions with Public Domain
2022-08-23 20:00:25 -05:00
John J. Aylward
e18f42becc
fixes #537 corrects case-sensitive entity unescape
2020-07-20 18:38:35 -04:00
stleary
2b0a8838ef
gradle support
2020-05-22 11:17:44 -05:00
Benjamin Gehrels
74e4932cfc
Transform the repository into standard maven format and merge the pom.xml of the release repo
2020-04-29 19:24:44 +02:00