Merge pull request #579 from mozilla/validate-convert-entity-code-points

Validate convert entity code points
mozilla · Jan 26, 2021 · cd838c3 · cd838c3
2 parents 90cb80b + 612b808
commit cd838c3
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 7 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,8 +1,23 @@
 Bleach changes
 ==============
 
+Version 3.2.3 (January 26th, 2021)
+----------------------------------
+
+**Security fixes**
+
+None
+
+**Features**
+
+None
+
+**Bug fixes**
+
+* fix clean and linkify raising ValueErrors for certain inputs. Thank you @Google-Autofuzz.
+
 Version 3.2.2 (January 20th, 2021)
-------------------------------------
+----------------------------------
 
 **Security fixes**
 

diff --git a/bleach/__init__.py b/bleach/__init__.py
@@ -18,9 +18,9 @@
 
 
 # yyyymmdd
-__releasedate__ = "20210120"
+__releasedate__ = "20210126"
 # x.y.z or x.y.z.dev0 -- semver
-__version__ = "3.2.2"
+__version__ = "3.2.3"
 VERSION = packaging.version.Version(__version__)
 
 

diff --git a/bleach/html5lib_shim.py b/bleach/html5lib_shim.py
@@ -459,9 +459,22 @@ def convert_entity(value):
     if value[0] == "#":
         if len(value) < 2:
             return None
+
         if value[1] in ("x", "X"):
-            return six.unichr(int(value[2:], 16))
-        return six.unichr(int(value[1:], 10))
+            # hex-encoded code point
+            int_as_string, base = value[2:], 16
+        else:
+            # decimal code point
+            int_as_string, base = value[1:], 10
+
+        if int_as_string == "":
+            return None
+
+        code_point = int(int_as_string, base)
+        if 0 < code_point < 0x110000:
+            return six.unichr(code_point)
+        else:
+            return None
 
     return ENTITIES.get(value, None)
 

diff --git a/tests/test_html5lib_shim.py b/tests/test_html5lib_shim.py
@@ -19,6 +19,16 @@
         ("&xx;", "&xx;"),
         # Handles multiple entities in the same string
         ("this &amp; that &amp; that", "this & that & that"),
+        # Handles empty decimal and hex encoded code points
+        ("&#x;", "&#x;"),
+        ("&#;", "&#;"),
+        # Handles too high unicode points
+        ("&#x110000;", "&#x110000;"),
+        ("&#x110111;", "&#x110111;"),
+        ("&#9277809;", "&#9277809;"),
+        # Handles negative unicode points
+        ("&#-1;", "&#-1;"),
+        ("&#x-1;", "&#x-1;"),
     ],
 )
 def test_convert_entities(data, expected):

diff --git a/tests_website/index.html b/tests_website/index.html
@@ -2,7 +2,7 @@
 <html>
     <head>
         <meta charset="UTF-8">
-        <title>Python Bleach 3.2.2</title>
+        <title>Python Bleach 3.2.3</title>
         <style>
          textarea, iframe {
              width: 95%;
@@ -20,7 +20,7 @@
         </style>
     </head>
     <body>
-        <h2>Python Bleach 3.2.2</h2>
+        <h2>Python Bleach 3.2.3</h2>
         <p>
             <a href="http://badge.fury.io/py/bleach"><img style="max-width:100%;" alt="pypi version" src="https://badge.fury.io/py/bleach.svg"></a>
             <a href="https://github.com/mozilla/bleach/actions?query=workflow%3ATest"><img style="max-width:100%;" alt="Build Status" src="https://github.com/mozilla/bleach/workflows/Test/badge.svg"></a>