Skip to content

Commit

Permalink
Fixed infinite loop for char "&" in unquoted attribute
Browse files Browse the repository at this point in the history
  • Loading branch information
@miso-belica
miso-belica committed Feb 11, 2014
1 parent 23479b1 commit a1e7f33
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/HTML5/Parser/Tokenizer.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -483,6 +483,7 @@ protected function unquotedAttributeValue() {
while (strspn($tok, $stoplist) == 0 && $tok !== FALSE) {
if ($tok == '&') {
$val .= $this->decodeCharacterReference(TRUE);
$tok = $this->scanner->current();
}
else {
if(strspn($tok, "\"'<=`") > 0) {
Expand Down
2 changes: 2 additions & 0 deletions test/HTML5/Parser/TokenizerTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -379,6 +379,8 @@ public function testTagAttributes() {
$reallyBad = array(
'<foo ="bar">' => array('foo', array('=' => NULL, '"bar"' => NULL), FALSE),
'<foo////>' => array('foo', array(), TRUE),
// character "&" in unquoted attribute shouldn't cause an infinite loop
'<foo bar=index.php?str=1&amp;id=29>' => array('foo', array('bar' => 'index.php?str=1&id=29'), FALSE),
);
foreach ($reallyBad as $test => $expects) {
$events = $this->parse($test);
Expand Down

0 comments on commit a1e7f33

Please sign in to comment.