From a5cf11dac52606141dd246f88d8c59688462e395 Mon Sep 17 00:00:00 2001
From: Vicent Marti <tanoku@gmail.com>
Date: Sat, 6 Sep 2014 20:48:54 +0200
Subject: Entity declarations

---
 src/html/houdini_html_u.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)
 create mode 100644 src/html/houdini_html_u.c

(limited to 'src/html/houdini_html_u.c')

diff --git a/src/html/houdini_html_u.c b/src/html/houdini_html_u.c
new file mode 100644
index 0000000..762f980
--- /dev/null
+++ b/src/html/houdini_html_u.c
@@ -0,0 +1,99 @@
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "houdini.h"
+#include "utf8.h"
+#include "html_unescape.h"
+
+size_t
+houdini_unescape_ent(strbuf *ob, const uint8_t *src, size_t size)
+{
+	size_t i = 0;
+
+	if (size > 3 && src[0] == '#') {
+		int codepoint = 0;
+
+		if (_isdigit(src[1])) {
+			for (i = 1; i < size && _isdigit(src[i]); ++i)
+				codepoint = (codepoint * 10) + (src[i] - '0');
+		}
+
+		else if (src[1] == 'x' || src[1] == 'X') {
+			for (i = 2; i < size && _isxdigit(src[i]); ++i)
+				codepoint = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
+		}
+
+		if (i < size && src[i] == ';') {
+			utf8proc_encode_char(codepoint, ob);
+			return i + 1;
+		}
+	}
+
+	else {
+		if (size > MAX_WORD_LENGTH)
+			size = MAX_WORD_LENGTH;
+
+		for (i = MIN_WORD_LENGTH; i < size; ++i) {
+			if (src[i] == ' ')
+				break;
+
+			if (src[i] == ';') {
+				const struct html_ent *entity = find_entity((char *)src, i);
+
+				if (entity != NULL) {
+					strbuf_put(ob, entity->utf8, entity->utf8_len);
+					return i + 1;
+				}
+
+				break;
+			}
+		}
+	}
+
+	return 0;
+}
+
+int
+houdini_unescape_html(strbuf *ob, const uint8_t *src, size_t size)
+{
+	size_t  i = 0, org, ent;
+
+	while (i < size) {
+		org = i;
+		while (i < size && src[i] != '&')
+			i++;
+
+		if (likely(i > org)) {
+			if (unlikely(org == 0)) {
+				if (i >= size)
+					return 0;
+
+				strbuf_grow(ob, HOUDINI_UNESCAPED_SIZE(size));
+			}
+
+			strbuf_put(ob, src + org, i - org);
+		}
+
+		/* escaping */
+		if (i >= size)
+			break;
+
+		i++;
+
+		ent = houdini_unescape_ent(ob, src + i, size - i);
+		i += ent;
+
+		/* not really an entity */
+		if (ent == 0)
+			strbuf_putc(ob, '&');
+	}
+
+	return 1;
+}
+
+void houdini_unescape_html_f(strbuf *ob, const uint8_t *src, size_t size)
+{
+	if (!houdini_unescape_html(ob, src, size))
+		strbuf_put(ob, src, size);
+}
-- 
cgit v1.2.3


From 9d86d2f32303ae0048f6a5daa552bacceb9b12ea Mon Sep 17 00:00:00 2001
From: Vicent Marti <tanoku@gmail.com>
Date: Tue, 9 Sep 2014 04:00:36 +0200
Subject: Update the spec with better entity handling

---
 Makefile                  |  4 ++--
 spec.txt                  | 22 ++++++++++++----------
 src/html/houdini_html_u.c |  2 +-
 3 files changed, 15 insertions(+), 13 deletions(-)

(limited to 'src/html/houdini_html_u.c')

diff --git a/Makefile b/Makefile
index b5e487d..5d13272 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
-CFLAGS=-g -pg -O3 -Wall -Wextra -std=c99 -Isrc $(OPTFLAGS)
-LDFLAGS=-g -pg -O3 -Wall -Werror
+CFLAGS=-g -O3 -Wall -Wextra -std=c99 -Isrc $(OPTFLAGS)
+LDFLAGS=-g -O3 -Wall -Werror
 SRCDIR=src
 DATADIR=data
 
diff --git a/spec.txt b/spec.txt
index ebd6d98..112dccc 100644
--- a/spec.txt
+++ b/spec.txt
@@ -3762,20 +3762,20 @@ as the "unknown codepoint" character (`0xFFFD`)
 
 [Hexadecimal entities](#hexadecimal-entities) <a id="hexadecimal-entities"></a>
 consist of `&#` + either `X` or `x` + a string of 1-8 hexadecimal digits
-+ `;`.
++ `;`. They will also be parsed and turned into their corresponding UTF8 values in the AST.
 
 .
-&#x1; &#X22; &#XD06; &#xcab;
+&#X22; &#XD06; &#xcab;
 .
-<p>&#x1; &#X22; &#XD06; &#xcab;</p>
+<p>&quot; ആ ಫ</p>
 .
 
 Here are some nonentities:
 
 .
-&nbsp &x; &#; &#x; &#123456789; &ThisIsWayTooLongToBeAnEntityIsntIt; &hi?;
+&nbsp &x; &#; &#x; &ThisIsWayTooLongToBeAnEntityIsntIt; &hi?;
 .
-<p>&amp;nbsp &amp;x; &amp;#; &amp;#x; &amp;#123456789; &amp;ThisIsWayTooLongToBeAnEntityIsntIt; &amp;hi?;</p>
+<p>&amp;nbsp &amp;x; &amp;#; &amp;#x; &amp;ThisIsWayTooLongToBeAnEntityIsntIt; &amp;hi?;</p>
 .
 
 Although HTML5 does accept some entities without a trailing semicolon
@@ -3808,7 +3808,7 @@ code blocks, including raw HTML, URLs, [link titles](#link-title), and
 .
 [foo](/f&ouml;&ouml; "f&ouml;&ouml;")
 .
-<p><a href="/f&ouml;&ouml;" title="f&ouml;&ouml;">foo</a></p>
+<p><a href="/f%C3%B6%C3%B6" title="föö">foo</a></p>
 .
 
 .
@@ -3816,7 +3816,7 @@ code blocks, including raw HTML, URLs, [link titles](#link-title), and
 
 [foo]: /f&ouml;&ouml; "f&ouml;&ouml;"
 .
-<p><a href="/f&ouml;&ouml;" title="f&ouml;&ouml;">foo</a></p>
+<p><a href="/f%C3%B6%C3%B6" title="föö">foo</a></p>
 .
 
 .
@@ -3824,7 +3824,7 @@ code blocks, including raw HTML, URLs, [link titles](#link-title), and
 foo
 ```
 .
-<pre><code class="language-f&ouml;&ouml;">foo
+<pre><code class="language-föö">foo
 </code></pre>
 .
 
@@ -4817,12 +4817,14 @@ in Markdown:
 <p><a href="foo):">link</a></p>
 .
 
-URL-escaping and entities should be left alone inside the destination:
+URL-escaping and should be left alone inside the destination, as all URL-escaped characters
+are also valid URL characters. HTML entities in the destination will be parsed into their UTF8
+codepoints, as usual, and optionally URL-escaped when written as HTML.
 
 .
 [link](foo%20b&auml;)
 .
-<p><a href="foo%20b&auml;">link</a></p>
+<p><a href="foo%20b%C3%A4">link</a></p>
 .
 
 Note that, because titles can often be parsed as destinations,
diff --git a/src/html/houdini_html_u.c b/src/html/houdini_html_u.c
index 762f980..b8e2d8d 100644
--- a/src/html/houdini_html_u.c
+++ b/src/html/houdini_html_u.c
@@ -24,7 +24,7 @@ houdini_unescape_ent(strbuf *ob, const uint8_t *src, size_t size)
 				codepoint = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
 		}
 
-		if (i < size && src[i] == ';') {
+		if (i < size && src[i] == ';' && codepoint) {
 			utf8proc_encode_char(codepoint, ob);
 			return i + 1;
 		}
-- 
cgit v1.2.3


From 0ae7f4f53720e867c92ac9465062285293568856 Mon Sep 17 00:00:00 2001
From: Vicent Marti <tanoku@gmail.com>
Date: Wed, 10 Sep 2014 20:02:01 +0200
Subject: Handle overflows in the codepoint parser

---
 src/html/houdini_html_u.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

(limited to 'src/html/houdini_html_u.c')

diff --git a/src/html/houdini_html_u.c b/src/html/houdini_html_u.c
index b8e2d8d..49b4956 100644
--- a/src/html/houdini_html_u.c
+++ b/src/html/houdini_html_u.c
@@ -15,13 +15,25 @@ houdini_unescape_ent(strbuf *ob, const uint8_t *src, size_t size)
 		int codepoint = 0;
 
 		if (_isdigit(src[1])) {
-			for (i = 1; i < size && _isdigit(src[i]); ++i)
-				codepoint = (codepoint * 10) + (src[i] - '0');
+			for (i = 1; i < size && _isdigit(src[i]); ++i) {
+				int cp = (codepoint * 10) + (src[i] - '0');
+
+				if (cp < codepoint)
+					return 0;
+
+				codepoint = cp;
+			}
 		}
 
 		else if (src[1] == 'x' || src[1] == 'X') {
-			for (i = 2; i < size && _isxdigit(src[i]); ++i)
-				codepoint = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
+			for (i = 2; i < size && _isxdigit(src[i]); ++i) {
+				int cp = (codepoint * 16) + ((src[i] | 32) % 39 - 9);
+
+				if (cp < codepoint)
+					return 0;
+
+				codepoint = cp;
+			}
 		}
 
 		if (i < size && src[i] == ';' && codepoint) {
-- 
cgit v1.2.3