Improved validation

Author: rmraya

ts/SAXParser.ts

@@ -421,8 +421,8 @@ export class SAXParser {
             let char: string = String.fromCodePoint(code);
             this.contentHandler!.characters(char);
         } else {
-            // Look up entity in DTD using grammar interface
-            const entityValue: string | undefined = grammar.resolveEntity(name);
+            // Look up entity in grammar, loading external content if necessary
+            const entityValue: string | undefined = this.grammarHandler.resolveEntityValue(name);
             if (entityValue !== undefined) {
                 if (entityValue.length > 0) {
                     if (entityValue.length === 1) {
@@ -1410,7 +1410,7 @@ export class SAXParser {
                 && attributeInfo.use !== AttributeUse.REQUIRED) {
                 const targetName: string = this.buildAttributeNameForInfo(attributeInfo);
                 if (!result.has(targetName)) {
-                    const defaultValue: string = this.normalizeAttributeByType(attributeInfo.defaultValue, attributeInfo.datatype);
+                    const defaultValue: string = this.processDefaultAttributeValue(attributeInfo);
                     result.set(targetName, defaultValue);
                     metadata.set(targetName, {
                         specified: false
@@ -1435,6 +1435,24 @@ export class SAXParser {
         }
     }
 
+    private processDefaultAttributeValue(attributeInfo: AttributeInfo): string {
+        const rawDefault: string = attributeInfo.defaultValue ?? '';
+
+        let normalizedLiteral: string = rawDefault;
+        if (rawDefault.indexOf('\r') !== -1 || rawDefault.indexOf('\n') !== -1) {
+            normalizedLiteral = this.normalizeLiteralAttributeLineBreaks(rawDefault, rawDefault);
+        }
+
+        if (rawDefault.includes('&')) {
+            this.validateAttributeValueWellFormedness(rawDefault);
+        }
+
+        let expandedValue: string = this.expandEntities(normalizedLiteral);
+        this.validateAttributeCharacterSet(expandedValue);
+
+        return this.normalizeAttributeByType(expandedValue, attributeInfo.datatype);
+    }
+
     private shouldPreserveLexicalWhitespace(lexicalValue: string): boolean {
         const pattern: RegExp = /&#(x?[0-9A-Fa-f]+);/g;
         let match: RegExpExecArray | null;
@@ -1772,7 +1790,7 @@ export class SAXParser {
                 }
 
                 // Look up custom entity using Grammar interface
-                const entityValue: string | undefined = this.grammarHandler.getGrammar().resolveEntity(entityName);
+                const entityValue: string | undefined = this.grammarHandler.resolveEntityValue(entityName);
                 if (entityValue !== undefined) {
                     if (entityValue !== '') {
                         // Mark this entity as visited for recursion detection

ts/dtd/ContentModel.ts

@@ -71,7 +71,8 @@ export class ContentModel {
     }
 
     parseSpec(modelString: string): ContentModel {
-        let contentString: string = modelString.replaceAll("\\s+", "");
+        // Normalize whitespace so multi-line mixed content declarations parse correctly
+        let contentString: string = modelString.replace(/\s+/g, "");
         try {
             this.validateParentheses(contentString);
         } catch (e: unknown) {

ts/dtd/DTDParser.ts

@@ -360,14 +360,22 @@ export class DTDParser {
 
     resolveEntities(fragment: string): string {
         while (XMLUtils.hasParameterEntity(fragment)) {
-            let start = fragment.indexOf('%');
-            let end = fragment.indexOf(';');
-            let entityName = fragment.substring(start + '%'.length, end);
+            let start: number = fragment.indexOf('%');
+            if (start === -1) {
+                break;
+            }
+            let end: number = fragment.indexOf(';', start);
+            if (end === -1) {
+                throw new Error('Malformed parameter entity reference while resolving "' + fragment + '"');
+            }
+            let entityName: string = fragment.substring(start + '%'.length, end).trim();
             let entity: EntityDecl | undefined = this.grammar.getParameterEntity(entityName);
             if (entity === undefined) {
-                throw new Error('Unknown entity: ' + entityName + ' in resolveEntities');
+                let context: string = fragment.substring(start, Math.min(fragment.length, start + 80));
+                throw new Error('Unknown entity: ' + entityName + ' in resolveEntities while processing "' + context + '"');
             }
-            fragment = fragment.replace('%' + entityName + ';', entity.getValue());
+            let replacement: string = entity.getValue();
+            fragment = fragment.substring(0, start) + replacement + fragment.substring(end + ';'.length);
         }
         return fragment;
     }

ts/dtd/ElementDecl.ts

@@ -32,7 +32,7 @@ export class ElementDecl implements XMLNode {
             return;
         }
         // Build and validate the content model using the complete parser
-        let simplified: string = this.contentSpec.replace('\n', ' ');
+        let simplified: string = this.contentSpec.replace(/\r?\n/g, ' ');
         simplified = simplified.replace(/\s+/g, '').trim();
         const parser: DTDContentModelParser = new DTDContentModelParser(simplified);
         const model: DTDContentModel = parser.parse();

ts/dtd/EntityDecl.ts

@@ -17,7 +17,7 @@ export class EntityDecl implements XMLNode {
 
     private name: string;
     private parameterEntity: boolean;
-    private value: string; 
+    private value: string;
     private systemId: string;
     private publicId: string;
     private ndata: string;
@@ -64,6 +64,14 @@ export class EntityDecl implements XMLNode {
         return this.publicId;
     }
 
+    getNotationName(): string {
+        return this.ndata;
+    }
+
+    isExternal(): boolean {
+        return this.systemId !== '' || this.publicId !== '';
+    }
+
     getNodeType(): number {
         return Constants.ENTITY_DECL_NODE;
     }
@@ -82,12 +90,12 @@ export class EntityDecl implements XMLNode {
 
     equals(node: XMLNode): boolean {
         if (node instanceof EntityDecl) {
-            return this.name === node.name && 
-                   this.parameterEntity === node.parameterEntity &&
-                   this.value === node.value &&
-                   this.systemId === node.systemId &&
-                   this.publicId === node.publicId &&
-                   this.ndata === node.ndata;
+            return this.name === node.name &&
+                this.parameterEntity === node.parameterEntity &&
+                this.value === node.value &&
+                this.systemId === node.systemId &&
+                this.publicId === node.publicId &&
+                this.ndata === node.ndata;
         }
         return false;
     }

ts/grammar/DTDComposite.ts

@@ -18,14 +18,14 @@ import { AttributeInfo, Grammar, GrammarType, ValidationContext, ValidationResul
 
 
 export class DTDComposite implements Grammar {
-    
+
     private static instance: DTDComposite | undefined;
     private validating: boolean = false;
     private internalDTD: DTDGrammar | undefined;
     private externalDTDs: DTDGrammar[] = [];
     private sharedParameterEntities: Map<string, EntityDecl> = new Map();
     private includeDefaultAttributes: boolean = true;
-    
+
     private constructor() {
         // Initialize with predefined entities like DTDGrammar does
         this.addPredefinedEntities();
@@ -285,6 +285,24 @@ export class DTDComposite implements Grammar {
         return false;
     }
 
+    getEntityDeclaration(entityName: string): EntityDecl | undefined {
+        if (this.internalDTD) {
+            const entity = this.internalDTD.getEntity(entityName);
+            if (entity) {
+                return entity;
+            }
+        }
+
+        for (const externalDTD of this.externalDTDs) {
+            const entity = externalDTD.getEntity(entityName);
+            if (entity) {
+                return entity;
+            }
+        }
+
+        return undefined;
+    }
+
     private notationExists(notationName: string): boolean {
         // Check internal DTD first
         if (this.internalDTD) {
@@ -382,7 +400,7 @@ export class DTDComposite implements Grammar {
 
         return undefined;
     }
-    
+
     consumeEntityReference(expandedText: string): string | undefined {
         if (this.internalDTD) {
             const ref = this.internalDTD.consumeEntityReference(expandedText);

ts/grammar/GrammarHandler.ts

@@ -16,6 +16,7 @@ import { fileURLToPath } from 'url';
 import { Catalog } from '../Catalog';
 import { DTDGrammar } from '../dtd/DTDGrammar';
 import { DTDParser } from '../dtd/DTDParser';
+import { EntityDecl } from '../dtd/EntityDecl';
 import { XMLSchemaParser } from '../schema/XMLSchemaParser';
 import { CompositeGrammar } from './CompositeGrammar';
 import { DTDComposite } from './DTDComposite';
@@ -86,6 +87,14 @@ export class GrammarHandler {
         return this.compositeGrammar;
     }
 
+    resolveEntityValue(entityName: string): string | undefined {
+        const grammar: Grammar = this.getGrammar();
+        if (grammar instanceof DTDComposite) {
+            return this.resolveEntityValueFromDTD(grammar, entityName);
+        }
+        return grammar.resolveEntity(entityName);
+    }
+
     getLoadedGrammars(): Array<{ namespace: string, type: string, elementCount?: number, typeCount?: number }> {
         const grammars = this.compositeGrammar.getLoadedGrammarList();
         if (this.dtdComposite) {
@@ -99,6 +108,34 @@ export class GrammarHandler {
         return grammars;
     }
 
+    private resolveEntityValueFromDTD(dtdComposite: DTDComposite, entityName: string): string | undefined {
+        const entityDecl: EntityDecl | undefined = dtdComposite.getEntityDeclaration(entityName);
+        if (!entityDecl) {
+            return undefined;
+        }
+
+        if (entityDecl.getNotationName() !== '') {
+            throw new Error(`Unparsed entity '${entityName}' cannot be referenced in parsed content`);
+        }
+
+        if (entityDecl.isExternal() && !entityDecl.isExternalContentLoaded()) {
+            const content: string = this.loadExternalEntityContent(entityDecl);
+            entityDecl.setValue(content);
+        }
+
+        return entityDecl.getValue();
+    }
+
+    private loadExternalEntityContent(entityDecl: EntityDecl): string {
+        const baseDir: string = this.currentFile ? dirname(this.currentFile) : process.cwd();
+        const parser: DTDParser = new DTDParser(undefined, baseDir);
+        parser.setValidating(this.validating);
+        if (this.catalog) {
+            parser.setCatalog(this.catalog);
+        }
+        return parser.loadExternalEntity(entityDecl.getPublicId(), entityDecl.getSystemId(), true);
+    }
+
     hasGrammar(namespaceURI: string | undefined): boolean {
         // Check DTD grammar first (DTD has no namespace, so namespaceURI would be undefined)
         if (namespaceURI === undefined && this.dtdComposite) {