Fix a bug that invalid element start may be accepted

HackerOne: HO-1104077

It's caused by ignoring garbage before "\n<NAME...".

Reported by Juho Nurminen. Thanks!!!

Author: kou

lib/rexml/parsers/baseparser.rb

@@ -61,7 +61,7 @@ class BaseParser
       XMLDECL_PATTERN = /<\?xml\s+(.*?)\?>/um
       INSTRUCTION_START = /\A<\?/u
       INSTRUCTION_PATTERN = /<\?#{NAME}(\s+.*?)?\?>/um
-      TAG_MATCH = /^<((?>#{QNAME_STR}))/um
+      TAG_MATCH = /\A<((?>#{QNAME_STR}))/um
       CLOSE_MATCH = /^\s*<\/(#{QNAME_STR})\s*>/um
 
       VERSION = /\bversion\s*=\s*["'](.*?)['"]/um

test/parse/test_element.rb

@@ -46,6 +46,19 @@ def test_empty_namespace_attribute_name
 
         DETAIL
       end
+
+      def test_garbage_less_than_before_root_element_at_line_start
+        exception = assert_raise(REXML::ParseException) do
+          parse("<\n<x/>")
+        end
+        assert_equal(<<-DETAIL.chomp, exception.to_s)
+malformed XML: missing tag start
+Line: 2
+Position: 6
+Last 80 unconsumed characters:
+< <x/>
+        DETAIL
+      end
     end
   end
 end