From b220413a9b5ed55fb1f565ac786a5c231da8bc87 Mon Sep 17 00:00:00 2001
From: Henry Heino <46334387+personalizedrefrigerator@users.noreply.github.com>
Date: Thu, 15 Aug 2024 11:37:58 -0700
Subject: [PATCH 1/2] Desktop: Security: Fix HTML parsing bug (#10876)

---
 .../app-cli/tests/md_to_html/sanitize_20.html |  2 ++
 .../app-cli/tests/md_to_html/sanitize_20.md   |  2 ++
 packages/fork-htmlparser2/README.md           |  2 ++
 packages/fork-htmlparser2/src/Tokenizer.ts    | 21 +++++++++++++++++++
 .../Events/34-not-alpha-tags.json             | 12 +++++++++++
 5 files changed, 39 insertions(+)
 create mode 100644 packages/app-cli/tests/md_to_html/sanitize_20.html
 create mode 100644 packages/app-cli/tests/md_to_html/sanitize_20.md
 create mode 100644 packages/fork-htmlparser2/src/__fixtures__/Events/34-not-alpha-tags.json

diff --git a/packages/app-cli/tests/md_to_html/sanitize_20.html b/packages/app-cli/tests/md_to_html/sanitize_20.html
new file mode 100644
index 000000000..f731cd5a3
--- /dev/null
+++ b/packages/app-cli/tests/md_to_html/sanitize_20.html
@@ -0,0 +1,2 @@
+<div class="jop-noMdConv">
+&lt;.a
\ No newline at end of file
diff --git a/packages/app-cli/tests/md_to_html/sanitize_20.md b/packages/app-cli/tests/md_to_html/sanitize_20.md
new file mode 100644
index 000000000..4da3453d2
--- /dev/null
+++ b/packages/app-cli/tests/md_to_html/sanitize_20.md
@@ -0,0 +1,2 @@
+<div>
+<.a<iframe src="http://example.com/" >
\ No newline at end of file
diff --git a/packages/fork-htmlparser2/README.md b/packages/fork-htmlparser2/README.md
index 24486137f..69b0e8a96 100644
--- a/packages/fork-htmlparser2/README.md
+++ b/packages/fork-htmlparser2/README.md
@@ -54,6 +54,8 @@ index 44b4371..bcd7cc2 100644
          if (this._cbs.onend)
 ```
 
+To fix an HTML parsing issue (tags were allowed to start with non-alphanumeric characters), [this upstream commit](https://github.com/fb55/htmlparser2/commit/bc010de9df09f2d730a69734e05e5175ea8bd2d7) has also been applied.
+
 * * *
 
 # htmlparser2
diff --git a/packages/fork-htmlparser2/src/Tokenizer.ts b/packages/fork-htmlparser2/src/Tokenizer.ts
index af44d8539..a744e697c 100644
--- a/packages/fork-htmlparser2/src/Tokenizer.ts
+++ b/packages/fork-htmlparser2/src/Tokenizer.ts
@@ -32,6 +32,7 @@ const enum State {
     //comments
     BeforeComment,
     InComment,
+    InSpecialComment,
     AfterComment1,
     AfterComment2,
 
@@ -87,6 +88,10 @@ function whitespace(c: string): boolean {
     return c === " " || c === "\n" || c === "\t" || c === "\f" || c === "\r";
 }
 
+function isASCIIAlpha(c: string): boolean {
+    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
+}
+
 interface Callbacks {
     onattribdata(value: string): void; //TODO implement the new event
     onattribend(): void;
@@ -282,6 +287,8 @@ export default class Tokenizer {
         } else if (c === "?") {
             this._state = State.InProcessingInstruction;
             this._sectionStart = this._index + 1;
+        } else if (!isASCIIAlpha(c)) {
+            this._state = State.Text;
         } else {
             this._state =
                 !this._xmlMode && (c === "s" || c === "S")
@@ -309,6 +316,9 @@ export default class Tokenizer {
                 this._state = State.Text;
                 this._index--;
             }
+        } else if (!isASCIIAlpha(c)) {
+            this._state = State.InSpecialComment;
+            this._sectionStart = this._index;
         } else {
             this._state = State.InClosingTagName;
             this._sectionStart = this._index;
@@ -454,6 +464,15 @@ export default class Tokenizer {
     _stateInComment(c: string) {
         if (c === "-") this._state = State.AfterComment1;
     }
+    _stateInSpecialComment(c: string) {
+        if (c === ">") {
+            this._cbs.oncomment(
+                this._buffer.substring(this._sectionStart, this._index)
+            );
+            this._state = State.Text;
+            this._sectionStart = this._index + 1;
+        }
+    }
     _stateAfterComment1(c: string) {
         if (c === "-") {
             this._state = State.AfterComment2;
@@ -702,6 +721,8 @@ export default class Tokenizer {
                 this._stateInAttributeName(c);
             } else if (this._state === State.InComment) {
                 this._stateInComment(c);
+            } else if (this._state === State.InSpecialComment) {
+                this._stateInSpecialComment(c);
             } else if (this._state === State.BeforeAttributeName) {
                 this._stateBeforeAttributeName(c);
             } else if (this._state === State.InTagName) {
diff --git a/packages/fork-htmlparser2/src/__fixtures__/Events/34-not-alpha-tags.json b/packages/fork-htmlparser2/src/__fixtures__/Events/34-not-alpha-tags.json
new file mode 100644
index 000000000..06f9b687c
--- /dev/null
+++ b/packages/fork-htmlparser2/src/__fixtures__/Events/34-not-alpha-tags.json
@@ -0,0 +1,12 @@
+{
+  "name": "tag names are not ASCII alpha",
+  "options": {
+      "parser": {}
+  },
+  "html": "<12>text</12>",
+  "expected": [
+      { "event": "text", "data": ["<12>text"] },
+      { "event": "comment", "data": ["12"] },
+      { "event": "commentend", "data": [] }
+  ]
+}

From 598677b2072ab0648c7702f1d27c1e5ca3d628d3 Mon Sep 17 00:00:00 2001
From: Laurent Cozic <laurent22@users.noreply.github.com>
Date: Wed, 21 Aug 2024 09:36:44 +0100
Subject: [PATCH 2/2] Desktop release v3.0.15

---
 packages/app-desktop/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/app-desktop/package.json b/packages/app-desktop/package.json
index 6debbb13e..4292693c8 100644
--- a/packages/app-desktop/package.json
+++ b/packages/app-desktop/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@joplin/app-desktop",
-  "version": "3.0.14",
+  "version": "3.0.15",
   "description": "Joplin for Desktop",
   "main": "main.js",
   "private": true,