Fixed logic for validating HTML Tag and Attribute names

Apparently, < is a valid tag name character based on the HTML5 tokenizer specification. Fixes #1136
jstedfast · Jan 30, 2025 · f2b722b · f2b722b
1 parent 9787693
commit f2b722b
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 11 deletions.
diff --git a/MimeKit/Text/HtmlAttribute.cs b/MimeKit/Text/HtmlAttribute.cs
@@ -80,7 +80,7 @@ public HtmlAttribute (string name, string value)
 			if (name.Length == 0)
 				throw new ArgumentException ("The attribute name cannot be empty.", nameof (name));
 
-			if (!HtmlUtils.IsValidTokenName (name))
+			if (!HtmlUtils.IsValidAttributeName (name))
 				throw new ArgumentException ("Invalid attribute name.", nameof (name));
 
 			Value = value;

diff --git a/MimeKit/Text/HtmlUtils.cs b/MimeKit/Text/HtmlUtils.cs
@@ -37,6 +37,12 @@ namespace MimeKit.Text {
 	/// </remarks>
 	public static class HtmlUtils
 	{
+		// https://dev.w3.org/html5/spec-LC/tokenization.html#attribute-name-state
+		static readonly string InvalidAttributeNameCharacters = "\0\t\r\n\f /=>\"\'<";
+
+		// https://dev.w3.org/html5/spec-LC/tokenization.html#tag-name-state
+		static readonly string InvalidTagNameCharacters = "\0\t\r\n\f />";
+
 #if NETSTANDARD2_0 || NETFRAMEWORK
 		static void Write (this TextWriter writer, ReadOnlySpan<char> value)
 		{
@@ -51,18 +57,27 @@ static void Write (this TextWriter writer, ReadOnlySpan<char> value)
 		}
 #endif
 
-		internal static bool IsValidTokenName (string name)
+		internal static bool IsValidAttributeName (string name)
 		{
 			if (string.IsNullOrEmpty (name))
 				return false;
 
 			for (int i = 0; i < name.Length; i++) {
-				switch (name[i]) {
-				case '\t': case '\r': case '\n': case '\f': case ' ':
-				case '<': case '>': case '\'': case '"':
-				case '/': case '=':
+				if (InvalidAttributeNameCharacters.IndexOf (name[i]) != -1)
+					return false;
+			}
+
+			return true;
+		}
+
+		internal static bool IsValidTagName (string name)
+		{
+			if (string.IsNullOrEmpty (name))
+				return false;
+
+			for (int i = 0; i < name.Length; i++) {
+				if (InvalidTagNameCharacters.IndexOf (name[i]) != -1)
 					return false;
-				}
 			}
 
 			return true;

diff --git a/MimeKit/Text/HtmlWriter.cs b/MimeKit/Text/HtmlWriter.cs
@@ -135,7 +135,7 @@ static void ValidateAttributeName (string name)
 			if (name.Length == 0)
 				throw new ArgumentException ("The attribute name cannot be empty.", nameof (name));
 
-			if (!HtmlUtils.IsValidTokenName (name))
+			if (!HtmlUtils.IsValidAttributeName (name))
 				throw new ArgumentException ($"Invalid attribute name: {name}", nameof (name));
 		}
 
@@ -147,7 +147,7 @@ static void ValidateTagName (string name)
 			if (name.Length == 0)
 				throw new ArgumentException ("The tag name cannot be empty.", nameof (name));
 
-			if (!HtmlUtils.IsValidTokenName (name))
+			if (!HtmlUtils.IsValidTagName (name))
 				throw new ArgumentException ($"Invalid tag name: {name}", nameof (name));
 		}
 

diff --git a/UnitTests/Text/HtmlUtilsTests.cs b/UnitTests/Text/HtmlUtilsTests.cs
@@ -267,9 +267,15 @@ public void TestHtmlNamespaces ()
 		}
 
 		[Test]
-		public void TestIsValidTokenName ()
+		public void TestIsValidAttributeName ()
 		{
-			Assert.That (HtmlUtils.IsValidTokenName (string.Empty), Is.False, "string.Empty");
+			Assert.That (HtmlUtils.IsValidAttributeName (string.Empty), Is.False, "string.Empty");
+		}
+
+		[Test]
+		public void TestIsValidTagName ()
+		{
+			Assert.That (HtmlUtils.IsValidTagName (string.Empty), Is.False, "string.Empty");
 		}
 	}
 }