From cc1bdba18ef81544ad4b450327dabb108488641b Mon Sep 17 00:00:00 2001
From: Nelson Vides <nelson.vides@erlang-solutions.com>
Date: Tue, 31 May 2022 16:51:23 +0200
Subject: [PATCH] Verify forbidden chars inside cdata and escaped chars!

---
 c_src/rapidxml.hpp             | 1 +
 test/exml_properties_tests.erl | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/c_src/rapidxml.hpp b/c_src/rapidxml.hpp
index e6e8da9..357196f 100644
--- a/c_src/rapidxml.hpp
+++ b/c_src/rapidxml.hpp
@@ -2063,6 +2063,7 @@ namespace rapidxml
                 }
 
                 // No replacement, only copy character
+                check_control<control_points_pred, Flags>(src);
                 *dest++ = *src++;
 
             }
diff --git a/test/exml_properties_tests.erl b/test/exml_properties_tests.erl
index 64ee84f..c5e8b4c 100644
--- a/test/exml_properties_tests.erl
+++ b/test/exml_properties_tests.erl
@@ -19,6 +19,10 @@ vector_2_forbidden_control_char_test() ->
 vector_3_forbidden_control_char_test() ->
     ?assertMatch({error, _}, exml:parse(<<"<body lang='en' bad='", 16#1B, "'></body>">>)).
 
+vector_4_forbidden_control_char_test() ->
+    ?assertMatch({error, _},
+                 exml:parse(<<"<message to='alice@localhost'><body>&amp;lt;body&amp;gt;", 16#1B,"&amp;lt;/body&amp;gt;</body></body>">>)).
+
 fail_forbidden_control_char_test() ->
     p("All valid xml cdata can be parsed",
       ?FORALL(Doc, utf8_doc_bad(),