garydgregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-text.git
The following commit(s) were added to refs/heads/master by this push:
new 238c88d6 Validate code point range in NumericEntityUnescaper.translate
(#747)
238c88d6 is described below
commit 238c88d6d01f6a2adaf8db3f3ba5993ea2f8b0fc
Author: Javid Khan <[email protected]>
AuthorDate: Tue Jun 2 16:58:54 2026 +0530
Validate code point range in NumericEntityUnescaper.translate (#747)
* validate code point range in NumericEntityUnescaper.translate
* Add test for out-of-range code points in NumericEntityUnescaper
---
.../apache/commons/text/translate/NumericEntityUnescaper.java | 3 +++
.../commons/text/translate/NumericEntityUnescaperTest.java | 9 +++++++++
2 files changed, 12 insertions(+)
diff --git
a/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java
b/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java
index fbae351b..3231e979 100644
---
a/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java
+++
b/src/main/java/org/apache/commons/text/translate/NumericEntityUnescaper.java
@@ -151,6 +151,9 @@ public class NumericEntityUnescaper extends
CharSequenceTranslator {
return 0;
}
+ if (!Character.isValidCodePoint(entityValue)) {
+ return 0;
+ }
if (entityValue > 0xFFFF) {
final char[] chrs = Character.toChars(entityValue);
writer.write(chrs[0]);
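Review bot: The added `Character.isValidCodePoint(entityValue)` guard still lets the surrogate range U+D800–U+DFFF through, because those values are valid code points and are not above 0xFFFF, so they presumably reach the single-char write in the branch that lies outside this hunk. A numeric reference in that range would then put an unpaired surrogate into the output, which is ill-formed UTF-16 and may be replaced or altered by a later encoder, so a downstream filter can end up checking different text than the final consumer sees. If leaving such entities untranslated is acceptable for compatibility, extend the guard to `if (!Character.isValidCodePoint(entityValue) || (entityValue >= Character.MIN_SURROGATE && entityValue <= Character.MAX_SURROGATE)) { return 0; }`; otherwise add a comment above the check saying that surrogate values are passed through deliberately. The body of translate starts and ends outside the hunk.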
diff --git
a/src/test/java/org/apache/commons/text/translate/NumericEntityUnescaperTest.java
b/src/test/java/org/apache/commons/text/translate/NumericEntityUnescaperTest.java
index df9e661b..e3205e6e 100644
---
a/src/test/java/org/apache/commons/text/translate/NumericEntityUnescaperTest.java
+++
b/src/test/java/org/apache/commons/text/translate/NumericEntityUnescaperTest.java
@@ -53,6 +53,15 @@ class NumericEntityUnescaperTest {
assertEquals("Test &#X", neu.translate("Test &#X"), "Failed to ignore
when last character is &");
}
+ @Test
+ void testOutOfRangeCodePoint() {
+ final NumericEntityUnescaper neu = new NumericEntityUnescaper();
+
+ assertEquals("�", neu.translate("�"), "Failed to
ignore code point above 0x10FFFF");
+ assertEquals("�", neu.translate("�"), "Failed to
ignore code point above 0x10FFFF");
+ assertEquals("�", neu.translate("�"), "Failed to
ignore code point above 0x10FFFF");
+ }
+
@Test
void testSupplementaryUnescaping() {
final NumericEntityUnescaper neu = new NumericEntityUnescaper();
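Review bot: All three assertions in testOutOfRangeCodePoint carry the same message, `Failed to ignore code point above 0x10FFFF`, so a failure does not say which input form broke; give each one a message naming its case (hex, decimal, the value just past the limit). The test also pins only the rejected side of the new guard, so add an accepted-boundary assertion such as `assertEquals(new String(Character.toChars(Character.MAX_CODE_POINT)), neu.translate("&#x10FFFF;"));` to catch an off-by-one in the range check. The entity literals are not legible as rendered on this page, so which forms the three cases already cover could not be confirmed.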