[pull] master from stleary:master#20
Merged
pull[bot] merged 7 commits intoConnectionMaster:masterfrom Jan 30, 2026
Merged
Conversation
Add type checking before casting parse() results to JSONArray/JSONObject. When parse() returns an unexpected type (e.g., String for malformed input), the code now throws a descriptive JSONException instead of ClassCastException. This prevents unchecked exceptions from propagating to callers who only expect JSONException from these methods. Fixes #1034
Fix StringIndexOutOfBoundsException and NumberFormatException in XMLTokener.unescapeEntity() when parsing malformed XML numeric character references. Issues: - &#; (empty numeric reference) caused StringIndexOutOfBoundsException - &#txx; (invalid decimal) caused NumberFormatException - &#xGGG; (invalid hex) caused NumberFormatException Changes: - Add length validation before accessing character positions - Add isValidHex() and isValidDecimal() helper methods - Throw proper JSONException with descriptive messages Fixes #1035, Fixes #1036
Extracted hex and decimal parsing logic into separate methods to address SonarQube complexity warning: - parseHexEntity(): handles ઼ format - parseDecimalEntity(): handles { format This reduces cyclomatic complexity while maintaining identical functionality and all validation checks.
Added comprehensive test coverage for numeric character reference parsing: Exception cases (should throw JSONException): - Empty numeric entity: &#; - Invalid decimal entity: &#txx; - Empty hex entity: &#x; - Invalid hex characters: &#xGGG; Valid cases (should parse correctly): - Decimal entity: A -> 'A' - Lowercase hex entity: A -> 'A' - Uppercase hex entity: A -> 'A' These tests verify the fixes for issues #1035 and #1036.
Added comprehensive test coverage for safe type casting: Exception cases (should throw JSONException, not ClassCastException): - Malformed XML causing type mismatch in toJSONArray() - Type mismatch in toJSONObject() Valid cases (should continue to work): - Valid XML to JSONArray conversion - Valid XML to JSONObject conversion These tests verify the fix for issue #1034 where ClassCastException was thrown when parse() returned unexpected types.
Fix ClassCastException in JSONML.toJSONArray and toJSONObject
Fix input validation in XMLTokener.unescapeEntity()
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )