hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Restrict E4X processing instruction disambiguation to the <?xml ...?> case.

Browse Source
This commit is contained in:
Max Schaefer
2019-02-24 20:56:43 +00:00
parent 5a775d9cc7
commit f726125b71
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/extractor/src/com/semmle/jcorn/CustomParser.java
View File

@@ -551,11 +551,13 @@ public class CustomParser extends FlowParser {
// chunk of E4X content and a Flow type annotation (both can start with `<?`)
// hence if we can't find the closing `?>` of a putative XML processing instruction
// we backtrack and try lexing as something else
// to avoid frequent backtracking, we only consider `<?xml ...?>` processing instructions;
// while other processing instructions are technically possible, they are unlikely in practice
if (this.options.e4x()) {
while (code == '<') {
if (charAt(this.pos+1) == '?') {
if (inputSubstring(this.pos+1, this.pos+5).equals("?xml")) {
int oldPos = this.pos;
this.pos += 2;
this.pos += 5;
if (!jsx_readUntil("?>")) {
// didn't find a closing `?>`, so backtrack
this.pos = oldPos;