fix: Terminate if SVG data includes a script tag (GHSA-cf4q-4cqr-7g7w)

Author: kesara

tests/valid/docfile.py36.html

@@ -24,7 +24,7 @@
 <thead><tr>
 <td class="left"></td>
 <td class="center">Xml2rfc Vocabulary V3 Schema</td>
-<td class="right">March 2022</td>
+<td class="right">April 2022</td>
 </tr></thead>
 <tfoot><tr>
 <td class="left">xml2rfc(1)</td>

tests/valid/docfile.py37.html

@@ -24,7 +24,7 @@
 <thead><tr>
 <td class="left"></td>
 <td class="center">Xml2rfc Vocabulary V3 Schema</td>
-<td class="right">March 2022</td>
+<td class="right">April 2022</td>
 </tr></thead>
 <tfoot><tr>
 <td class="left">xml2rfc(1)</td>

tests/valid/docfile.py38.html

@@ -24,7 +24,7 @@
 <thead><tr>
 <td class="left"></td>
 <td class="center">Xml2rfc Vocabulary V3 Schema</td>
-<td class="right">March 2022</td>
+<td class="right">April 2022</td>
 </tr></thead>
 <tfoot><tr>
 <td class="left">xml2rfc(1)</td>

tests/valid/elements.prepped.xml

@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='utf-8'?>
-<rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="info" docName="elements-00" indexInclude="false" ipr="trust200902" obsoletes="1234,5678,9012,3456,7890" prepTime="2021-10-08T15:41:57" scripts="Cherokee,Common,Greek,Han,Hebrew,Latin" sortRefs="true" submissionType="independent" symRefs="true" tocDepth="3" tocInclude="true">
+<rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="info" docName="elements-00" indexInclude="false" ipr="trust200902" obsoletes="1234,5678,9012,3456,7890" prepTime="2022-04-12T02:25:45" scripts="Cherokee,Common,Greek,Han,Hebrew,Latin" sortRefs="true" submissionType="independent" symRefs="true" tocDepth="3" tocInclude="true">
 
 
 

tests/valid/indexes.pages.text

@@ -3,9 +3,9 @@
 
 
 Network Working Group                                     H. Person, Ed.
-Internet-Draft                                            March 11, 2022
+Internet-Draft                                            April 12, 2022
 Intended status: Experimental                                           
-Expires: September 12, 2022
+Expires: October 14, 2022
 
 
                           xml2rfc index tests
@@ -26,7 +26,7 @@ Status of This Memo
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on September 12, 2022.
+   This Internet-Draft will expire on October 14, 2022.
 
 Copyright Notice
 
@@ -53,9 +53,9 @@ Table of Contents
 
 
 
-Person                 Expires September 12, 2022               [Page 1]
+Person                  Expires October 14, 2022                [Page 1]
 
-Internet-Draft             xml2rfc index tests                March 2022
+Internet-Draft             xml2rfc index tests                April 2022
 
 
    This is another section!
@@ -109,9 +109,9 @@ Index
 
 
 
-Person                 Expires September 12, 2022               [Page 2]
+Person                  Expires October 14, 2022                [Page 2]
 
-Internet-Draft             xml2rfc index tests                March 2022
+Internet-Draft             xml2rfc index tests                April 2022
 
 
          em  Section 1, Paragraph 1
@@ -165,4 +165,4 @@ Author's Address
 
 
 
-Person                 Expires September 12, 2022               [Page 3]
+Person                  Expires October 14, 2022                [Page 3]

tests/valid/indexes.prepped.xml

@@ -1,5 +1,5 @@
 <?xml version='1.0' encoding='utf-8'?>
-<rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="exp" docName="indexes-00" indexInclude="true" ipr="trust200902" prepTime="2022-03-11T00:41:46" scripts="Common,Latin" sortRefs="true" submissionType="independent" symRefs="true" tocDepth="3" tocInclude="true">
+<rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="exp" docName="indexes-00" indexInclude="true" ipr="trust200902" prepTime="2022-04-12T02:27:13" scripts="Common,Latin" sortRefs="true" submissionType="independent" symRefs="true" tocDepth="3" tocInclude="true">
   <!-- xml2rfc v2v3 conversion 3.12.3 -->
 
 
@@ -20,7 +20,7 @@
         </postal>
       </address>
     </author>
-    <date day="11" month="03" year="2022"/>
+    <date day="12" month="04" year="2022"/>
     <boilerplate>
       <section anchor="status-of-memo" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.1">
         <name slugifiedName="name-status-of-this-memo">Status of This Memo</name>
@@ -41,7 +41,7 @@
         material or to cite them other than as "work in progress."
         </t>
         <t indent="0" pn="section-boilerplate.1-4">
-        This Internet-Draft will expire on 12 September 2022.
+        This Internet-Draft will expire on 14 October 2022.
         </t>
       </section>
       <section anchor="copyright" numbered="false" removeInRFC="false" toc="exclude" pn="section-boilerplate.2">

tests/valid/indexes.text

@@ -3,9 +3,9 @@
 
 
 Network Working Group                                     H. Person, Ed.
-Internet-Draft                                            March 11, 2022
+Internet-Draft                                            April 12, 2022
 Intended status: Experimental                                           
-Expires: September 12, 2022
+Expires: October 14, 2022
 
 
                           xml2rfc index tests
@@ -26,7 +26,7 @@ Status of This Memo
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on September 12, 2022.
+   This Internet-Draft will expire on October 14, 2022.
 
 Copyright Notice
 

tests/valid/indexes.v3.py36.html

@@ -19,11 +19,11 @@
 <thead><tr>
 <td class="left">Internet-Draft</td>
 <td class="center">xml2rfc index tests</td>
-<td class="right">March 2022</td>
+<td class="right">April 2022</td>
 </tr></thead>
 <tfoot><tr>
 <td class="left">Person</td>
-<td class="center">Expires September 12, 2022</td>
+<td class="center">Expires October 14, 2022</td>
 <td class="right">[Page]</td>
 </tr></tfoot>
 </table>
@@ -36,12 +36,12 @@
 <dd class="internet-draft">indexes-00</dd>
 <dt class="label-published">Published:</dt>
 <dd class="published">
-<time datetime="2022-03-11" class="published">March 11, 2022</time>
+<time datetime="2022-04-12" class="published">April 12, 2022</time>
     </dd>
 <dt class="label-intended-status">Intended Status:</dt>
 <dd class="intended-status">Experimental</dd>
 <dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2022-09-12">September 12, 2022</time></dd>
+<dd class="expires"><time datetime="2022-10-14">October 14, 2022</time></dd>
 <dt class="label-authors">Author:</dt>
 <dd class="authors">
 <div class="author">
@@ -71,7 +71,7 @@ <h2 id="name-status-of-this-memo">
         time. It is inappropriate to use Internet-Drafts as reference
         material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
 <p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on September 12, 2022.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
+        This Internet-Draft will expire on October 14, 2022.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="copyright">

tests/valid/indexes.v3.py37.html

@@ -19,11 +19,11 @@
 <thead><tr>
 <td class="left">Internet-Draft</td>
 <td class="center">xml2rfc index tests</td>
-<td class="right">March 2022</td>
+<td class="right">April 2022</td>
 </tr></thead>
 <tfoot><tr>
 <td class="left">Person</td>
-<td class="center">Expires September 12, 2022</td>
+<td class="center">Expires October 14, 2022</td>
 <td class="right">[Page]</td>
 </tr></tfoot>
 </table>
@@ -36,12 +36,12 @@
 <dd class="internet-draft">indexes-00</dd>
 <dt class="label-published">Published:</dt>
 <dd class="published">
-<time datetime="2022-03-11" class="published">March 11, 2022</time>
+<time datetime="2022-04-12" class="published">April 12, 2022</time>
     </dd>
 <dt class="label-intended-status">Intended Status:</dt>
 <dd class="intended-status">Experimental</dd>
 <dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2022-09-12">September 12, 2022</time></dd>
+<dd class="expires"><time datetime="2022-10-14">October 14, 2022</time></dd>
 <dt class="label-authors">Author:</dt>
 <dd class="authors">
 <div class="author">
@@ -71,7 +71,7 @@ <h2 id="name-status-of-this-memo">
         time. It is inappropriate to use Internet-Drafts as reference
         material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
 <p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on September 12, 2022.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
+        This Internet-Draft will expire on October 14, 2022.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="copyright">

tests/valid/indexes.v3.py38.html

@@ -19,11 +19,11 @@
 <thead><tr>
 <td class="left">Internet-Draft</td>
 <td class="center">xml2rfc index tests</td>
-<td class="right">March 2022</td>
+<td class="right">April 2022</td>
 </tr></thead>
 <tfoot><tr>
 <td class="left">Person</td>
-<td class="center">Expires September 12, 2022</td>
+<td class="center">Expires October 14, 2022</td>
 <td class="right">[Page]</td>
 </tr></tfoot>
 </table>
@@ -36,12 +36,12 @@
 <dd class="internet-draft">indexes-00</dd>
 <dt class="label-published">Published:</dt>
 <dd class="published">
-<time datetime="2022-03-11" class="published">March 11, 2022</time>
+<time datetime="2022-04-12" class="published">April 12, 2022</time>
     </dd>
 <dt class="label-intended-status">Intended Status:</dt>
 <dd class="intended-status">Experimental</dd>
 <dt class="label-expires">Expires:</dt>
-<dd class="expires"><time datetime="2022-09-12">September 12, 2022</time></dd>
+<dd class="expires"><time datetime="2022-10-14">October 14, 2022</time></dd>
 <dt class="label-authors">Author:</dt>
 <dd class="authors">
 <div class="author">
@@ -71,7 +71,7 @@ <h2 id="name-status-of-this-memo">
         time. It is inappropriate to use Internet-Drafts as reference
         material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
 <p id="section-boilerplate.1-4">
-        This Internet-Draft will expire on September 12, 2022.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
+        This Internet-Draft will expire on October 14, 2022.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="copyright">

tests/valid/manpage.txt

@@ -1,5 +1,5 @@
 xml2rfc(1)                                                    xml2rfc(1)
-                                                           11 March 2022
+                                                           12 April 2022
 
 
                   Xml2rfc Vocabulary Version 3 Schema

tests/valid/rfc6787.exp.xml

@@ -11141,7 +11141,7 @@ identification-tag =    token
     <references title="Normative References">
       <!--RTP-->
 
-      <reference anchor="RFC3550" target="https://www.rfc-editor.org/info/rfc3550" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3550.xml" quote-title="true">
+      <reference anchor="RFC3550" target="https://www.rfc-editor.org/info/rfc3550" xml:base="https://www.rfc-editor.org/refs/bibxml/reference.RFC.3550.xml" quote-title="true">
 <front>
 <title>RTP: A Transport Protocol for Real-Time Applications</title>
 <author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne"><organization/></author>
@@ -11338,7 +11338,7 @@ identification-tag =    token
 
       <!--Internet Message Format-->
 
-      <reference anchor="RFC5322" target="https://www.rfc-editor.org/info/rfc5322" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5322.xml" quote-title="true">
+      <reference anchor="RFC5322" target="https://www.rfc-editor.org/info/rfc5322" xml:base="https://www.rfc-editor.org/refs/bibxml/reference.RFC.5322.xml" quote-title="true">
 <front>
 <title>Internet Message Format</title>
 <author initials="P." surname="Resnick" fullname="P. Resnick" role="editor"><organization/></author>
@@ -11420,7 +11420,7 @@ identification-tag =    token
 
       <!--Domain names - implementation and specification-->
 
-      <reference anchor="RFC1035" target="https://www.rfc-editor.org/info/rfc1035" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.1035.xml" quote-title="true">
+      <reference anchor="RFC1035" target="https://www.rfc-editor.org/info/rfc1035" xml:base="https://www.rfc-editor.org/refs/bibxml/reference.RFC.1035.xml" quote-title="true">
 <front>
 <title>Domain names - implementation and specification</title>
 <author initials="P.V." surname="Mockapetris" fullname="P.V. Mockapetris"><organization/></author>

xml2rfc/writers/base.py

@@ -32,6 +32,12 @@
     bare_latin_tags, unicode_attributes, downcode, downcode_punctuation)
 from xml2rfc.utils import namespaces, find_duplicate_ids, slugify
 
+
+DEADLY_ERRORS = [
+    'Element svg has extra content: script',
+    'Did not expect element script there',
+]
+
 default_silenced_messages = [
 #    ".*[Pp]ostal address",
 ]
@@ -2136,6 +2142,15 @@ def indent(e, i):
         indent(e, 0)
         e.tail = None
 
+    def deadly_error(self, error):
+        # errors that xml2rfc must not allow to continue
+
+        if error.message in DEADLY_ERRORS:
+            if self.options.verbose:
+                msg = "%s(%s): Error: Can not continue further with error: %s" % (self.xmlrfc.source, error.line, error.message)
+                self.log(msg)
+            return True
+
     def validate(self, when='', warn=False):
         # Note: Our schema doesn't permit xi:include elements, so the document
         # must have had XInclude processing done before calling validate()
@@ -2164,11 +2179,14 @@ def validate(self, when='', warn=False):
                           "higher for better error messages." % ('.'.join(str(v) for v in lxmlver), ))
             # These warnings are occasionally incorrect -- disable this
             # output for now:
+            deadly = False
             if hasattr(e, 'error_log'):
                 for error in e.error_log:
                     path = getattr(error, 'path', '')
                     msg = "%s(%s): %s: %s, at %s" % (self.xmlrfc.source, error.line, error.level_name.title(), error.message, path)
                     self.log(msg)
+                    if not deadly:
+                        deadly = self.deadly_error(error)
                     if error.message.startswith("Did not expect text"):
                         items = self.tree.xpath(error.path + '/text()')
                         for item in items:
@@ -2179,7 +2197,7 @@ def validate(self, when='', warn=False):
 
             else:
                 log.warn('\nInvalid document: %s' % (e,))
-            if warn:
+            if warn and not deadly:
                 self.warn(self.root, 'Invalid document%s.' % (when, ))
                 return False
             else: