fast-xml-parser 5.5.6 → 5.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/fxp.cjs +1 -1
  3. package/lib/fxp.min.js +1 -1
  4. package/lib/fxp.min.js.map +1 -1
  5. package/lib/fxparser.min.js +1 -1
  6. package/lib/fxparser.min.js.map +1 -1
  7. package/package.json +2 -2
  8. package/src/xmlparser/DocTypeReader.js +26 -17
  9. package/src/xmlparser/OptionsBuilder.js +6 -6
  10. package/src/xmlparser/OrderedObjParser.js +2 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "fast-xml-parser",
3
- "version": "5.5.6",
3
+ "version": "5.5.7",
4
4
  "description": "Validate XML, Parse XML, Build XML without C/C++ based libraries",
5
5
  "main": "./lib/fxp.cjs",
6
6
  "type": "module",
@@ -89,6 +89,6 @@
89
89
  "dependencies": {
90
90
  "fast-xml-builder": "^1.1.4",
91
91
  "path-expression-matcher": "^1.1.3",
92
- "strnum": "^2.1.2"
92
+ "strnum": "^2.2.0"
93
93
  }
94
94
  }
package/src/xmlparser/DocTypeReader.js CHANGED
@@ -28,7 +28,7 @@ export default class DocTypeReader {
28
28
  [entityName, val, i] = this.readEntityExp(xmlData, i + 1, this.suppressValidationErr);
29
29
  if (val.indexOf("&") === -1) { //Parameter entities are not supported
30
30
  if (this.options.enabled !== false &&
31
- this.options.maxEntityCount &&
31
+ this.options.maxEntityCount != null &&
32
32
  entityCount >= this.options.maxEntityCount) {
33
33
  throw new Error(
34
34
  `Entity count (${entityCount + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`
@@ -100,11 +100,12 @@ export default class DocTypeReader {
100
100
  i = skipWhitespace(xmlData, i);
101
101
 
102
102
  // Read entity name
103
- let entityName = "";
103
+ const startIndex = i;
104
104
  while (i < xmlData.length && !/\s/.test(xmlData[i]) && xmlData[i] !== '"' && xmlData[i] !== "'") {
105
- entityName += xmlData[i];
106
105
  i++;
107
106
  }
107
+ let entityName = xmlData.substring(startIndex, i);
108
+
108
109
  validateEntityName(entityName);
109
110
 
110
111
  // Skip whitespace after entity name
@@ -125,7 +126,7 @@ export default class DocTypeReader {
125
126
 
126
127
  // Validate entity size
127
128
  if (this.options.enabled !== false &&
128
- this.options.maxEntitySize &&
129
+ this.options.maxEntitySize != null &&
129
130
  entityValue.length > this.options.maxEntitySize) {
130
131
  throw new Error(
131
132
  `Entity "${entityName}" size (${entityValue.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`
@@ -141,11 +142,13 @@ export default class DocTypeReader {
141
142
  i = skipWhitespace(xmlData, i);
142
143
 
143
144
  // Read notation name
144
- let notationName = "";
145
+
146
+ const startIndex = i;
145
147
  while (i < xmlData.length && !/\s/.test(xmlData[i])) {
146
- notationName += xmlData[i];
147
148
  i++;
148
149
  }
150
+ let notationName = xmlData.substring(startIndex, i);
151
+
149
152
  !this.suppressValidationErr && validateEntityName(notationName);
150
153
 
151
154
  // Skip whitespace after notation name
@@ -195,10 +198,11 @@ export default class DocTypeReader {
195
198
  }
196
199
  i++;
197
200
 
201
+ const startIndex = i;
198
202
  while (i < xmlData.length && xmlData[i] !== startChar) {
199
- identifierVal += xmlData[i];
200
203
  i++;
201
204
  }
205
+ identifierVal = xmlData.substring(startIndex, i);
202
206
 
203
207
  if (xmlData[i] !== startChar) {
204
208
  throw new Error(`Unterminated ${type} value`);
@@ -218,11 +222,11 @@ export default class DocTypeReader {
218
222
  i = skipWhitespace(xmlData, i);
219
223
 
220
224
  // Read element name
221
- let elementName = "";
225
+ const startIndex = i;
222
226
  while (i < xmlData.length && !/\s/.test(xmlData[i])) {
223
- elementName += xmlData[i];
224
227
  i++;
225
228
  }
229
+ let elementName = xmlData.substring(startIndex, i);
226
230
 
227
231
  // Validate element name
228
232
  if (!this.suppressValidationErr && !isName(elementName)) {
@@ -239,10 +243,12 @@ export default class DocTypeReader {
239
243
  i++; // Move past '('
240
244
 
241
245
  // Read content model
246
+ const startIndex = i;
242
247
  while (i < xmlData.length && xmlData[i] !== ")") {
243
- contentModel += xmlData[i];
244
248
  i++;
245
249
  }
250
+ contentModel = xmlData.substring(startIndex, i);
251
+
246
252
  if (xmlData[i] !== ")") {
247
253
  throw new Error("Unterminated content model");
248
254
  }
@@ -263,11 +269,11 @@ export default class DocTypeReader {
263
269
  i = skipWhitespace(xmlData, i);
264
270
 
265
271
  // Read element name
266
- let elementName = "";
272
+ let startIndex = i;
267
273
  while (i < xmlData.length && !/\s/.test(xmlData[i])) {
268
- elementName += xmlData[i];
269
274
  i++;
270
275
  }
276
+ let elementName = xmlData.substring(startIndex, i);
271
277
 
272
278
  // Validate element name
273
279
  validateEntityName(elementName)
@@ -276,11 +282,11 @@ export default class DocTypeReader {
276
282
  i = skipWhitespace(xmlData, i);
277
283
 
278
284
  // Read attribute name
279
- let attributeName = "";
285
+ startIndex = i;
280
286
  while (i < xmlData.length && !/\s/.test(xmlData[i])) {
281
- attributeName += xmlData[i];
282
287
  i++;
283
288
  }
289
+ let attributeName = xmlData.substring(startIndex, i);
284
290
 
285
291
  // Validate attribute name
286
292
  if (!validateEntityName(attributeName)) {
@@ -308,11 +314,13 @@ export default class DocTypeReader {
308
314
  // Read the list of allowed notations
309
315
  let allowedNotations = [];
310
316
  while (i < xmlData.length && xmlData[i] !== ")") {
311
- let notation = "";
317
+
318
+
319
+ const startIndex = i;
312
320
  while (i < xmlData.length && xmlData[i] !== "|" && xmlData[i] !== ")") {
313
- notation += xmlData[i];
314
321
  i++;
315
322
  }
323
+ let notation = xmlData.substring(startIndex, i);
316
324
 
317
325
  // Validate notation name
318
326
  notation = notation.trim();
@@ -338,10 +346,11 @@ export default class DocTypeReader {
338
346
  attributeType += " (" + allowedNotations.join("|") + ")";
339
347
  } else {
340
348
  // Handle simple types (e.g., CDATA, ID, IDREF, etc.)
349
+ const startIndex = i;
341
350
  while (i < xmlData.length && !/\s/.test(xmlData[i])) {
342
- attributeType += xmlData[i];
343
351
  i++;
344
352
  }
353
+ attributeType += xmlData.substring(startIndex, i);
345
354
 
346
355
  // Validate simple attribute type
347
356
  const validTypes = ["CDATA", "ID", "IDREF", "IDREFS", "ENTITY", "ENTITIES", "NMTOKEN", "NMTOKENS"];
package/src/xmlparser/OptionsBuilder.js CHANGED
@@ -103,12 +103,12 @@ function normalizeProcessEntities(value) {
103
103
  // Object config - merge with defaults
104
104
  if (typeof value === 'object' && value !== null) {
105
105
  return {
106
- enabled: value.enabled !== false, // default true if not specified
107
- maxEntitySize: value.maxEntitySize ?? 10000,
108
- maxExpansionDepth: value.maxExpansionDepth ?? 10,
109
- maxTotalExpansions: value.maxTotalExpansions ?? 1000,
110
- maxExpandedLength: value.maxExpandedLength ?? 100000,
111
- maxEntityCount: value.maxEntityCount ?? 100,
106
+ enabled: value.enabled !== false,
107
+ maxEntitySize: Math.max(1, value.maxEntitySize ?? 10000),
108
+ maxExpansionDepth: Math.max(1, value.maxExpansionDepth ?? 10),
109
+ maxTotalExpansions: Math.max(1, value.maxTotalExpansions ?? 1000),
110
+ maxExpandedLength: Math.max(1, value.maxExpandedLength ?? 100000),
111
+ maxEntityCount: Math.max(1, value.maxEntityCount ?? 100),
112
112
  allowedTags: value.allowedTags ?? null,
113
113
  tagFilter: value.tagFilter ?? null
114
114
  };
package/src/xmlparser/OrderedObjParser.js CHANGED
@@ -422,6 +422,8 @@ const parseXml = function (xmlData) {
422
422
  if (this.options.strictReservedNames &&
423
423
  (tagName === this.options.commentPropName
424
424
  || tagName === this.options.cdataPropName
425
+ || tagName === this.options.textNodeName
426
+ || tagName === this.options.attributesGroupName
425
427
  )) {
426
428
  throw new Error(`Invalid tag name: ${tagName}`);
427
429
  }