From 9a880b887916855c3a510869fd1ee268d7fe58b1 Mon Sep 17 00:00:00 2001
From: Julian Gilbey <julian-git@d-and-j.net>
Date: Tue, 13 Jun 2023 12:42:22 +0100
Subject: [PATCH] Merge pull request from GHSA-gpv5-7x3g-ghjv

Co-authored-by: Julian Gilbey <jdg@debian.org>
---
 spec/entities_spec.js          | 44 +++++++++++++++++++++++++++++++++-
 src/xmlparser/DocTypeReader.js | 13 +++++-----
 2 files changed, 50 insertions(+), 7 deletions(-)

diff --git a/spec/entities_spec.js b/spec/entities_spec.js
index a4606d46..8c963f6a 100644
--- a/spec/entities_spec.js
+++ b/spec/entities_spec.js
@@ -376,6 +376,7 @@ describe("XMLParser Entities", function() {
 
         expect(result).toEqual(expected);
     });
+
     it("should throw error if an entity name contains special char", function() {
         const xmlData = `
         <?xml version="1.0" encoding="UTF-8"?>
@@ -392,7 +393,48 @@ describe("XMLParser Entities", function() {
         expect(() =>{
             const parser = new XMLParser(options);
             parser.parse(xmlData);
-        }).toThrowError("Invalid character $ in entity name")
+        }).toThrowError("Invalid entity name nj$")
+    });
+
+    it("should allow localised entity names", function() {
+        const xmlData = `
+        <?xml version="1.0" encoding="UTF-8"?>
+
+        <!DOCTYPE note [
+        <!ENTITY ሀሎ "Amharic hello!">
+        <!ENTITY Здраво "Macedonian hello.">
+        ]>
+
+        <note>
+            <heading>Reminder</heading>
+            <body attr="&ሀሎ;">Don't forget me this weekend! &Здраво;</body>
+        </note> `;
+
+        const expected = {
+            "?xml": {
+                "version": "1.0",
+                "encoding": "UTF-8"
+            },
+            "note": {
+                "heading": "Reminder",
+                "body": {
+                    "#text": "Don't forget me this weekend! Macedonian hello.",
+                    "attr": "Amharic hello!"
+                }
+            }
+        };
+
+        const options = {
+            attributeNamePrefix: "",
+            ignoreAttributes:    false,
+            processEntities: true,
+            htmlEntities: true
+        };
+        const parser = new XMLParser(options);
+        let result = parser.parse(xmlData);
+        // console.log(JSON.stringify(result,null,4));
+
+        expect(result).toEqual(expected);
     });
 });
 
diff --git a/src/xmlparser/DocTypeReader.js b/src/xmlparser/DocTypeReader.js
index a144ade8..013dfc5f 100644
--- a/src/xmlparser/DocTypeReader.js
+++ b/src/xmlparser/DocTypeReader.js
@@ -1,3 +1,5 @@
+const util = require('../util');
+
 //TODO: handle comments
 function readDocType(xmlData, i){
     
@@ -145,11 +147,10 @@ function isNotation(xmlData, i){
 const specialChar = "!?\\\/[]$%{}^&*()<>|+";
 
 function validateEntityName(name){
-    for (let i = 0; i < specialChar.length; i++) {
-        const ch = specialChar[i];
-        if(name.indexOf(ch) !== -1) throw new Error(`Invalid character ${ch} in entity name`);
-    }
-    return name;
+    if (util.isName(name))
+	return name;
+    else
+        throw new Error(`Invalid entity name ${name}`);
 }
 
-module.exports = readDocType;
\ No newline at end of file
+module.exports = readDocType;