fast-xml-parser 4.2.1 → 4.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.
|
|
2
2
|
|
|
3
|
+
**4.2.3 / 2023-06-05**
|
|
4
|
+
* fix security bug
|
|
5
|
+
|
|
6
|
+
**4.2.2 / 2023-04-18**
|
|
7
|
+
* fix #562: fix unpaired tag when it comes in last of a nested tag. Also throw error when unpaired tag is used as closing tag
|
|
8
|
+
|
|
3
9
|
**4.2.1 / 2023-04-18**
|
|
4
10
|
* fix: jpath after unpaired tags
|
|
5
11
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "fast-xml-parser",
|
|
3
|
-
"version": "4.2.
|
|
3
|
+
"version": "4.2.3",
|
|
4
4
|
"description": "Validate XML, Parse XML, Build XML without C/C++ based libraries",
|
|
5
5
|
"main": "./src/fxp.js",
|
|
6
6
|
"scripts": {
|
|
@@ -58,10 +58,13 @@
|
|
|
58
58
|
"webpack-cli": "^4.9.1"
|
|
59
59
|
},
|
|
60
60
|
"typings": "src/fxp.d.ts",
|
|
61
|
-
"funding": {
|
|
61
|
+
"funding": [{
|
|
62
62
|
"type": "paypal",
|
|
63
63
|
"url": "https://paypal.me/naturalintelligence"
|
|
64
|
-
},
|
|
64
|
+
},{
|
|
65
|
+
"type": "github",
|
|
66
|
+
"url": "https://github.com/sponsors/NaturalIntelligence"
|
|
67
|
+
}],
|
|
65
68
|
"dependencies": {
|
|
66
69
|
"strnum": "^1.0.5"
|
|
67
70
|
}
|
|
@@ -19,7 +19,7 @@ function readDocType(xmlData, i){
|
|
|
19
19
|
i += 7;
|
|
20
20
|
[entityName, val,i] = readEntityExp(xmlData,i+1);
|
|
21
21
|
if(val.indexOf("&") === -1) //Parameter entities are not supported
|
|
22
|
-
entities[ entityName ] = {
|
|
22
|
+
entities[ validateEntityName(entityName) ] = {
|
|
23
23
|
regx : RegExp( `&${entityName};`,"g"),
|
|
24
24
|
val: val
|
|
25
25
|
};
|
|
@@ -140,4 +140,16 @@ function isNotation(xmlData, i){
|
|
|
140
140
|
return false
|
|
141
141
|
}
|
|
142
142
|
|
|
143
|
+
//an entity name should not contains special characters that may be used in regex
|
|
144
|
+
//Eg !?\\\/[]$%{}^&*()<>
|
|
145
|
+
const specialChar = "!?\\\/[]$%{}^&*()<>";
|
|
146
|
+
|
|
147
|
+
function validateEntityName(name){
|
|
148
|
+
for (let i = 0; i < specialChar.length; i++) {
|
|
149
|
+
const ch = specialChar[i];
|
|
150
|
+
if(name.indexOf(ch) !== -1) throw new Error(`Invalid character ${ch} in entity name`);
|
|
151
|
+
}
|
|
152
|
+
return name;
|
|
153
|
+
}
|
|
154
|
+
|
|
143
155
|
module.exports = readDocType;
|
|
@@ -208,10 +208,13 @@ const parseXml = function(xmlData) {
|
|
|
208
208
|
|
|
209
209
|
//check if last tag of nested tag was unpaired tag
|
|
210
210
|
const lastTagName = jPath.substring(jPath.lastIndexOf(".")+1);
|
|
211
|
+
if(tagName && this.options.unpairedTags.indexOf(tagName) !== -1 ){
|
|
212
|
+
throw new Error(`Unpaired tag can not be used as closing tag: </${tagName}>`);
|
|
213
|
+
}
|
|
211
214
|
let propIndex = 0
|
|
212
215
|
if(lastTagName && this.options.unpairedTags.indexOf(lastTagName) !== -1 ){
|
|
213
216
|
propIndex = jPath.lastIndexOf('.', jPath.lastIndexOf('.')-1)
|
|
214
|
-
|
|
217
|
+
this.tagsNodeStack.pop();
|
|
215
218
|
}else{
|
|
216
219
|
propIndex = jPath.lastIndexOf(".");
|
|
217
220
|
}
|