| author | John MacFarlane <jgm@berkeley.edu> | 2019-11-11 12:52:35 -0800 | 
|---|---|---|
| committer | John MacFarlane <jgm@berkeley.edu> | 2019-11-11 12:52:35 -0800 | 
| commit | cb1cd888cce0cae20a33663d6d17ef7630c5d4d7 (patch) | |
| tree | 203fed956b1e831cdbb2e149e9271ae67b0eaa0a /src | |
| parent | 7d04065de4c793003af01647ff23132de1c9e919 (diff) | |
Fix entity parser (and api test) to respect length limit on numeric entities.
Diffstat (limited to 'src')
| -rw-r--r-- | src/inlines.c | 7 | 
1 files changed, 6 insertions, 1 deletions
|
diff --git a/src/inlines.c b/src/inlines.c
index 2a84242..263a39b 100644
--- a/src/inlines.c
+++ b/src/inlines.c
@@ -784,13 +784,18 @@ static cmark_node *handle_backslash(subject *subj) {
 static cmark_node *handle_entity(subject *subj) {
   cmark_strbuf ent = CMARK_BUF_INIT(subj->mem);
   bufsize_t len;
+  int length_limit = 256;
   advance(subj);
   len = houdini_unescape_ent(&ent, subj->input.data + subj->pos,
                              subj->input.len - subj->pos);
-  if (len == 0)
+  if (peek_char(subj) == '#') {
+     length_limit = 9; // includes #, optional x for hex, and ;
+  }
+
+  if (len <= 0 || len > length_limit)
     return make_str(subj, subj->pos - 1, subj->pos - 1, cmark_chunk_literal("&"));
   subj->pos += len;
|
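Review bot: The new `len > length_limit` rejection path returns the literal `&` without releasing `ent`, even though a positive `len` suggests `houdini_unescape_ent` already decoded the reference and may have written into that buffer. If the buffer was allocated by then, each over-long numeric reference in untrusted Markdown leaks it; bracing the early return and calling `cmark_strbuf_free(&ent);` before `return make_str(...)` would close that. Enforcing the digit limit inside the unescaper, so nothing is written for rejected input, would also work, but that code is not visible here. The bare `256` and `9` would read better as named constants, with the existing comment moved next to the definition of the numeric limit. The body of handle_entity continues past the end of this hunk, so whether `ent` is released later cannot be confirmed from here.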
