fix: DOCTYPE entity value should be read correctly

- was not matching till correct quote

Author: amitguptagwl

spec/entities_spec.js

@@ -47,7 +47,9 @@ describe("XMLParser Entities", function() {
     });
 
     it("should parse XML with DOCTYPE without internal DTD", function() {
-        const xmlData = "<?xml version='1.0' standalone='no'?><!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\" ><svg><metadata>test</metadata></svg>";
+        const xmlData = `<?xml version='1.0' standalone='no'?>
+            <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
+            <svg><metadata>test</metadata></svg>`;
         const expected = {
             "?xml": {
                 "@_version": "1.0",
@@ -103,7 +105,7 @@ describe("XMLParser Entities", function() {
         }).toThrowError("Unclosed DOCTYPE")
     })
 
-    it("should parse XML with DOCTYPE", function() {
+    it("should parse XML with DOCTYPE with valid comment expressions    ", function() {
         const xmlData = "<?xml version=\"1.0\" standalone=\"yes\" ?>" +
             "<!--open the DOCTYPE declaration -" +
             "  the open square bracket indicates an internal DTD-->" +
@@ -135,6 +137,22 @@ describe("XMLParser Entities", function() {
         parser.parse(xmlData);
     });
 
+    it("should read entity value between correct matching quote char", function() {
+        const xmlData = `<!DOCTYPE x [ <!ENTITY x 'x">]><!--'> ]>
+                <X>
+                    <Y/><![CDATA[--><X><Z/><!--]]>-->
+                </X>`;
+        const expected = { 
+            X: { 
+                Y: '', 
+                '#text': '--><X><Z/><!---->' 
+            } };
+        const parser = new XMLParser();
+        let result = parser.parse(xmlData);
+        // console.log(result);
+        expect(result).toEqual(expected);
+    });
+
     it("should parse attributes having '>' in value", function() {
         const xmlData = `
         <?xml version="1.0" encoding="UTF-8"?>
@@ -475,6 +493,7 @@ describe("XMLParser Entities", function() {
 });
 
 describe("XMLParser External Entities", function() {
+    
     it("should throw error when an entity value has '&'", function() {
         const parser = new XMLParser();
         expect( () => {

src/xmlparser/DocTypeReader.js

@@ -22,7 +22,7 @@ export default function readDocType(xmlData, i){
                     let entityName, val;
                     [entityName, val,i] = readEntityExp(xmlData,i+1);
                     if(val.indexOf("&") === -1) //Parameter entities are not supported
-                        entities[ validateEntityName(entityName) ] = {
+                        entities[ entityName ] = {
                             regx : RegExp( `&${entityName};`,"g"),
                             val: val
                         };
@@ -62,7 +62,14 @@ export default function readDocType(xmlData, i){
     return {entities, i};
 }
 
-function readEntityExp(xmlData,i){
+const skipWhitespace = (data, index) => {
+    while (index < data.length && /\s/.test(data[index])) {
+        index++;
+    }
+    return index;
+};
+
+function readEntityExp(xmlData, i) {    
     //External entities are not supported
     //    <!ENTITY ext SYSTEM "http://normal-website.com" >
 
@@ -71,26 +78,53 @@ function readEntityExp(xmlData,i){
 
     //Internal entities are supported
     //    <!ENTITY entityname "replacement text">
-    
-    //read EntityName
+
+    // Skip leading whitespace after <!ENTITY
+    i = skipWhitespace(xmlData, i);
+
+    // Read entity name
     let entityName = "";
-    for (; i < xmlData.length && (xmlData[i] !== "'" && xmlData[i] !== '"' ); i++) {
-        // if(xmlData[i] === " ") continue;
-        // else 
+    while (i < xmlData.length && !/\s/.test(xmlData[i]) && xmlData[i] !== '"' && xmlData[i] !== "'") {
         entityName += xmlData[i];
+        i++;
     }
-    entityName = entityName.trim();
-    if(entityName.indexOf(" ") !== -1) throw new Error("External entites are not supported");
-
-    //read Entity Value
-    const startChar = xmlData[i++];
-    let val = ""
-    for (; i < xmlData.length && xmlData[i] !== startChar ; i++) {
-        val += xmlData[i];
+
+    // Validate entity name
+    if (!validateEntityName(entityName)) {
+        throw new Error(`Invalid entity name: "${entityName}"`);
+    }
+
+    // Skip whitespace after entity name
+    i = skipWhitespace(xmlData, i);
+
+    // Check for unsupported constructs (external entities or parameter entities)
+    if (xmlData.substring(i, i + 6).toUpperCase() === "SYSTEM") {
+        throw new Error("External entities are not supported");
+    }else if (xmlData[i] === "%") {
+        throw new Error("Parameter entities are not supported");
     }
-    return [entityName, val, i];
+
+    // Read entity value (internal entity)
+    const quoteChar = xmlData[i];
+    if (quoteChar !== '"' && quoteChar !== "'") {
+        throw new Error(`Expected quoted string, found "${quoteChar}"`);
+    }
+    i++;
+
+    let entityValue = "";
+    while (i < xmlData.length && xmlData[i] !== quoteChar) {
+        entityValue += xmlData[i];
+        i++;
+    }
+
+    if (xmlData[i] !== quoteChar) {
+        throw new Error("Unterminated entity value");
+    }
+
+    return [entityName, entityValue, i ];
 }
 
+
 function isComment(xmlData, i){
     if(xmlData[i+1] === '!' &&
     xmlData[i+2] === '-' &&