fast-xml-parser 5.5.11 → 5.6.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fast-xml-parser",
-  "version": "5.5.11",
+  "version": "5.6.0",
   "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries",
   "main": "./lib/fxp.cjs",
   "type": "module",
@@ -87,8 +87,9 @@
     }
   ],
   "dependencies": {
+    "@nodable/entities": "^1.1.0",
     "fast-xml-builder": "^1.1.4",
-    "path-expression-matcher": "^1.4.0",
+    "path-expression-matcher": "^1.5.0",
     "strnum": "^2.2.3"
   }
 }

package/src/fxp.d.ts

@@ -66,20 +66,23 @@ export class Expression {
 }
 
 // ---------------------------------------------------------------------------
-// ReadonlyMatcher
+// MatcherView
 // ---------------------------------------------------------------------------
 
 /**
- * A live read-only view of a Matcher instance, returned by Matcher.readOnly.
+ * A lightweight, live read-only view of a Matcher instance.
  *
- * All query and inspection methods work normally and always reflect the current
- * state of the underlying matcher. State-mutating methods (`push`, `pop`,
- * `reset`, `updateCurrent`, `restore`) are not present — calling them on the
- * underlying Proxy throws a `TypeError` at runtime.
+ * Returned by `Matcher.readOnly()`. The same instance is reused across every
+ * callback invocation — no allocation overhead per call. Reads directly from
+ * the parent Matcher's internal state so it always reflects the current parser
+ * position with no copying or freezing.
+ *
+ * Mutation methods (`push`, `pop`, `reset`, `updateCurrent`, `restore`) are
+ * simply absent — misuse is caught at compile time by TypeScript.
  *
  * This is the type received by all FXP user callbacks when `jPath: false`.
  */
-export interface ReadonlyMatcher {
+export class MatcherView {
   readonly separator: string;
 
   /** Check if current path matches an Expression. */
@@ -111,14 +114,14 @@ export interface ReadonlyMatcher {
 
   /** Current path as an array of tag names. */
   toArray(): string[];
-
-  /**
-   * Create a snapshot of the current state.
-   * The snapshot can be passed to the real Matcher.restore if needed.
-   */
-  snapshot(): MatcherSnapshot;
 }
 
+/**
+ * @deprecated Use {@link MatcherView} instead.
+ * Alias kept for backward compatibility.
+ */
+export type ReadonlyMatcher = MatcherView;
+
 /** Internal node structure — exposed via snapshot only. */
 export interface PathNode {
   tag: string;
@@ -141,8 +144,8 @@ export interface MatcherSnapshot {
  **********************************************************************/
 
 // jPath: true  → string
-// jPath: false → ReadonlyMatcher
-type JPathOrMatcher = string | ReadonlyMatcher;
+// jPath: false → MatcherView
+type JPathOrMatcher = string | MatcherView;
 type JPathOrExpression = string | Expression;
 
 export type ProcessEntitiesOptions = {

package/src/xmlparser/OrderedObjParser.js

@@ -8,6 +8,7 @@ import toNumber from "strnum";
 import getIgnoreAttributesFn from "../ignoreAttributes.js";
 import { Expression, Matcher } from 'path-expression-matcher';
 import { ExpressionSet } from 'path-expression-matcher';
+import EntityReplacer, { COMMON_HTML, NUMERIC_ENTITIES, CURRENCY_ENTITIES } from '@nodable/entities';
 
 // const regx =
 //   '<((!\\[CDATA\\[([\\s\\S]*?)(]]>))|((NAME:)?(NAME))([^>]*)>|((\\/)(NAME)\\s*>))([^<]*)'
@@ -72,32 +73,6 @@ export default class OrderedObjParser {
     this.options = options;
     this.currentNode = null;
     this.tagsNodeStack = [];
-    this.docTypeEntities = {};
-    this.lastEntities = {
-      "apos": { regex: /&(apos|#39|#x27);/g, val: "'" },
-      "gt": { regex: /&(gt|#62|#x3E);/g, val: ">" },
-      "lt": { regex: /&(lt|#60|#x3C);/g, val: "<" },
-      "quot": { regex: /&(quot|#34|#x22);/g, val: "\"" },
-    };
-    this.ampEntity = { regex: /&(amp|#38|#x26);/g, val: "&" };
-    this.htmlEntities = {
-      "space": { regex: /&(nbsp|#160);/g, val: " " },
-      // "lt" : { regex: /&(lt|#60);/g, val: "<" },
-      // "gt" : { regex: /&(gt|#62);/g, val: ">" },
-      // "amp" : { regex: /&(amp|#38);/g, val: "&" },
-      // "quot" : { regex: /&(quot|#34);/g, val: "\"" },
-      // "apos" : { regex: /&(apos|#39);/g, val: "'" },
-      "cent": { regex: /&(cent|#162);/g, val: "¢" },
-      "pound": { regex: /&(pound|#163);/g, val: "£" },
-      "yen": { regex: /&(yen|#165);/g, val: "¥" },
-      "euro": { regex: /&(euro|#8364);/g, val: "€" },
-      "copyright": { regex: /&(copy|#169);/g, val: "©" },
-      "reg": { regex: /&(reg|#174);/g, val: "®" },
-      "inr": { regex: /&(inr|#8377);/g, val: "₹" },
-      "num_dec": { regex: /&#([0-9]{1,7});/g, val: (_, str) => fromCodePoint(str, 10, "&#") },
-      "num_hex": { regex: /&#x([0-9a-fA-F]{1,6});/g, val: (_, str) => fromCodePoint(str, 16, "&#x") },
-    };
-    this.addExternalEntities = addExternalEntities;
     this.parseXml = parseXml;
     this.parseTextData = parseTextData;
     this.resolveNameSpace = resolveNameSpace;
@@ -111,6 +86,16 @@ export default class OrderedObjParser {
     this.entityExpansionCount = 0;
     this.currentExpandedLength = 0;
 
+    this.entityReplacer = new EntityReplacer({
+      default: true,
+      // amp:     true,
+      system: this.options.htmlEntities ? { ...COMMON_HTML, ...NUMERIC_ENTITIES, ...CURRENCY_ENTITIES } : {},
+      maxTotalExpansions: this.options.processEntities.maxTotalExpansions,
+      maxExpandedLength: this.options.processEntities.maxExpandedLength,
+      applyLimitsTo: "all",
+      //postCheck: resolved => resolved
+    });
+
     // Initialize path matcher for path-expression-matcher
     this.matcher = new Matcher();
 
@@ -141,17 +126,6 @@ export default class OrderedObjParser {
 
 }
 
-function addExternalEntities(externalEntities) {
-  const entKeys = Object.keys(externalEntities);
-  for (let i = 0; i < entKeys.length; i++) {
-    const ent = entKeys[i];
-    const escaped = ent.replace(/[.\-+*:]/g, '\\.');
-    this.lastEntities[ent] = {
-      regex: new RegExp("&" + escaped + ";", "g"),
-      val: externalEntities[ent]
-    }
-  }
-}
 
 /**
  * @param {string} val
@@ -308,9 +282,6 @@ const parseXml = function (xmlData) {
   // Reset entity expansion counters for this document
   this.entityExpansionCount = 0;
   this.currentExpandedLength = 0;
-  this.docTypeEntitiesKeys = [];
-  this.lastEntitiesKeys = Object.keys(this.lastEntities);
-  this.htmlEntitiesKeys = this.options.htmlEntities ? Object.keys(this.htmlEntities) : [];
   const options = this.options;
   const docTypeReader = new DocTypeReader(options.processEntities);
   const xmlLen = xmlData.length;
@@ -390,8 +361,7 @@ const parseXml = function (xmlData) {
       } else if (c1 === 33
         && xmlData.charCodeAt(i + 2) === 68) { //'!D'
         const result = docTypeReader.readDocType(xmlData, i);
-        this.docTypeEntities = result.entities;
-        this.docTypeEntitiesKeys = Object.keys(this.docTypeEntities) || []
+        this.entityReplacer.addInputEntities(result.entities);
         i = result.i;
       } else if (c1 === 33
         && xmlData.charCodeAt(i + 2) === 91) { // '!['
@@ -632,78 +602,7 @@ function replaceEntitiesValue(val, tagName, jPath) {
     }
   }
 
-  // Replace DOCTYPE entities
-  for (const entityName of this.docTypeEntitiesKeys) {
-    const entity = this.docTypeEntities[entityName];
-    const matches = val.match(entity.regx);
-
-    if (matches) {
-      // Track expansions
-      this.entityExpansionCount += matches.length;
-
-      // Check expansion limit
-      if (entityConfig.maxTotalExpansions &&
-        this.entityExpansionCount > entityConfig.maxTotalExpansions) {
-        throw new Error(
-          `Entity expansion limit exceeded: ${this.entityExpansionCount} > ${entityConfig.maxTotalExpansions}`
-        );
-      }
-
-      // Store length before replacement
-      const lengthBefore = val.length;
-      val = val.replace(entity.regx, entity.val);
-
-      // Check expanded length immediately after replacement
-      if (entityConfig.maxExpandedLength) {
-        this.currentExpandedLength += (val.length - lengthBefore);
-
-        if (this.currentExpandedLength > entityConfig.maxExpandedLength) {
-          throw new Error(
-            `Total expanded content size exceeded: ${this.currentExpandedLength} > ${entityConfig.maxExpandedLength}`
-          );
-        }
-      }
-    }
-  }
-  if (val.indexOf('&') === -1) return val;
-  // Replace standard entities
-  for (const entityName of this.lastEntitiesKeys) {
-    const entity = this.lastEntities[entityName];
-    const matches = val.match(entity.regex);
-    if (matches) {
-      this.entityExpansionCount += matches.length;
-      if (entityConfig.maxTotalExpansions &&
-        this.entityExpansionCount > entityConfig.maxTotalExpansions) {
-        throw new Error(
-          `Entity expansion limit exceeded: ${this.entityExpansionCount} > ${entityConfig.maxTotalExpansions}`
-        );
-      }
-    }
-    val = val.replace(entity.regex, entity.val);
-  }
-  if (val.indexOf('&') === -1) return val;
-
-  // Replace HTML entities if enabled
-  for (const entityName of this.htmlEntitiesKeys) {
-    const entity = this.htmlEntities[entityName];
-    const matches = val.match(entity.regex);
-    if (matches) {
-      //console.log(matches);
-      this.entityExpansionCount += matches.length;
-      if (entityConfig.maxTotalExpansions &&
-        this.entityExpansionCount > entityConfig.maxTotalExpansions) {
-        throw new Error(
-          `Entity expansion limit exceeded: ${this.entityExpansionCount} > ${entityConfig.maxTotalExpansions}`
-        );
-      }
-    }
-    val = val.replace(entity.regex, entity.val);
-  }
-
-  // Replace ampersand entity last
-  val = val.replace(this.ampEntity.regex, this.ampEntity.val);
-
-  return val;
+  return this.entityReplacer.replace(val);
 }
 
 

package/src/xmlparser/XMLParser.js

@@ -32,7 +32,7 @@ export default class XMLParser {
             }
         }
         const orderedObjParser = new OrderedObjParser(this.options);
-        orderedObjParser.addExternalEntities(this.externalEntities);
+        orderedObjParser.entityReplacer.setExternalEntities(this.externalEntities);
         const orderedResult = orderedObjParser.parseXml(xmlData);
         if (this.options.preserveOrder || orderedResult === undefined) return orderedResult;
         else return prettify(orderedResult, this.options, orderedObjParser.matcher, orderedObjParser.readonlyMatcher);