From 4fa3808e8dfccb12c11ad2b22130765307750851 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Tue, 22 Nov 2022 23:56:01 +0100
Subject: util.stanza: Allow U+7F

Allowed by XML despite arguably being a control character.

Drops the part of the range meant to rule out octets invalid in UTF-8
(\247 starts a 4-byte sequence), since UTF-8 correctness is validated by
util.encodings.utf8.valid().
---
 util/stanza.lua | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'util/stanza.lua')

diff --git a/util/stanza.lua b/util/stanza.lua
index a8c619d0..3cd56c5f 100644
--- a/util/stanza.lua
+++ b/util/stanza.lua
@@ -45,8 +45,12 @@ local _ENV = nil;
 local stanza_mt = { __name = "stanza" };
 stanza_mt.__index = stanza_mt;
 
+-- Basic check for valid XML character data.
+-- Disallow control characters.
+-- Tab U+09 and newline U+0A are allowed.
+-- For attributes, allow the \1 separator between namespace and name.
 local function valid_xml_cdata(str, attr)
-	return not s_find(str, attr and "[^\1\9\10\13\20-~\128-\247]" or "[^\9\10\13\20-~\128-\247]");
+	return not s_find(str, attr and "[^\1\9\10\13\20-\255]" or "[^\9\10\13\20-\255]");
 end
 
 local function check_name(name, name_type)
-- 
cgit v1.2.3