Ensure that references > MAX_REFERENCE_SIZE are not processed

This commit ensures that only HTML references of length <
MAX_REFERENCE_SIZE are considered as potential references. This check is
possible because reference longer than 10 digits are out of bounds for
Integers.

Closes gh-1249
This commit is contained in:
d4ksn
2021-11-16 15:01:28 +01:00
committed by Brian Clozel
parent aaf626a537
commit 29572600dc
2 changed files with 7 additions and 7 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2019 the original author or authors.
* Copyright 2002-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -72,7 +72,7 @@ class HtmlCharacterEntityDecoder {
boolean isPotentialReference = (this.nextPotentialReferencePosition != -1 &&
this.nextSemicolonPosition != -1 &&
this.nextPotentialReferencePosition - this.nextSemicolonPosition < MAX_REFERENCE_SIZE);
this.nextSemicolonPosition - this.nextPotentialReferencePosition < MAX_REFERENCE_SIZE);
if (isPotentialReference) {
break;