Desktop: Security: Fix HTML parsing bug (#10876)

packages/app-cli/tests/md_to_html/sanitize_20.html

@@ -0,0 +1,2 @@
+<div class="jop-noMdConv">
+&lt;.a

packages/app-cli/tests/md_to_html/sanitize_20.md

@@ -0,0 +1,2 @@
+<div>
+<.a<iframe src="http://example.com/" >

packages/fork-htmlparser2/README.md

@@ -54,6 +54,8 @@ index 44b4371..bcd7cc2 100644
          if (this._cbs.onend)
 ```
 
+To fix an HTML parsing issue (tags were allowed to start with non-alphanumeric characters), [this upstream commit](https://github.com/fb55/htmlparser2/commit/bc010de9df09f2d730a69734e05e5175ea8bd2d7) has also been applied.
+
 * * *
 
 # htmlparser2

packages/fork-htmlparser2/src/Tokenizer.ts

@@ -32,6 +32,7 @@ const enum State {
     //comments
     BeforeComment,
     InComment,
+    InSpecialComment,
     AfterComment1,
     AfterComment2,
 
@@ -87,6 +88,10 @@ function whitespace(c: string): boolean {
     return c === " " || c === "\n" || c === "\t" || c === "\f" || c === "\r";
 }
 
+function isASCIIAlpha(c: string): boolean {
+    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
+}
+
 interface Callbacks {
     onattribdata(value: string): void; //TODO implement the new event
     onattribend(): void;
@@ -282,6 +287,8 @@ export default class Tokenizer {
         } else if (c === "?") {
             this._state = State.InProcessingInstruction;
             this._sectionStart = this._index + 1;
+        } else if (!isASCIIAlpha(c)) {
+            this._state = State.Text;
         } else {
             this._state =
                 !this._xmlMode && (c === "s" || c === "S")
@@ -309,6 +316,9 @@ export default class Tokenizer {
                 this._state = State.Text;
                 this._index--;
             }
+        } else if (!isASCIIAlpha(c)) {
+            this._state = State.InSpecialComment;
+            this._sectionStart = this._index;
         } else {
             this._state = State.InClosingTagName;
             this._sectionStart = this._index;
@@ -454,6 +464,15 @@ export default class Tokenizer {
     _stateInComment(c: string) {
         if (c === "-") this._state = State.AfterComment1;
     }
+    _stateInSpecialComment(c: string) {
+        if (c === ">") {
+            this._cbs.oncomment(
+                this._buffer.substring(this._sectionStart, this._index)
+            );
+            this._state = State.Text;
+            this._sectionStart = this._index + 1;
+        }
+    }
     _stateAfterComment1(c: string) {
         if (c === "-") {
             this._state = State.AfterComment2;
@@ -702,6 +721,8 @@ export default class Tokenizer {
                 this._stateInAttributeName(c);
             } else if (this._state === State.InComment) {
                 this._stateInComment(c);
+            } else if (this._state === State.InSpecialComment) {
+                this._stateInSpecialComment(c);
             } else if (this._state === State.BeforeAttributeName) {
                 this._stateBeforeAttributeName(c);
             } else if (this._state === State.InTagName) {

packages/fork-htmlparser2/src/__fixtures__/Events/34-not-alpha-tags.json

@@ -0,0 +1,12 @@
+{
+  "name": "tag names are not ASCII alpha",
+  "options": {
+      "parser": {}
+  },
+  "html": "<12>text</12>",
+  "expected": [
+      { "event": "text", "data": ["<12>text"] },
+      { "event": "comment", "data": ["12"] },
+      { "event": "commentend", "data": [] }
+  ]
+}