Index: openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl,v diff -u -N -r1.67.2.7 -r1.67.2.8 --- openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl 10 Oct 2015 17:57:04 -0000 1.67.2.7 +++ openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl 11 Oct 2015 18:25:05 -0000 1.67.2.8 @@ -285,21 +285,28 @@ # -gustaf neumann (Jan 2009) if {$break_soft == 0 && $break_hard == 0} { - if {[catch {dom parse -html $html_fragment doc} errorMsg]} { - # we got an error, so do normal processing - ns_log notice "tdom can't parse the provided HTML, error=$errorMsg,\nchecking fragment without tdom" - } else { - $doc documentElement root - set html "" - # discard forms - foreach node [$root selectNodes //form] {$node delete} - # output wellformed html - set b [lindex [$root selectNodes {//body}] 0] - foreach n [$b childNodes] { - append html [$n asHTML] + # + # We have to protect against crashes, that might happen due to + # unsupported numeric entities in tdom. Therefore, we map + # numeric entities into something sufficiently opaque + # + set frag [string map [list &# "\0&#\0"] $html_fragment] + + if {[catch {dom parse -html $frag doc} errorMsg]} { + # we got an error, so do normal processing + ns_log notice "tdom can't parse the provided HTML, error=$errorMsg,\nchecking fragment without tdom" + } else { + $doc documentElement root + set html "" + # discard forms + foreach node [$root selectNodes //form] {$node delete} + # output wellformed html + set b [lindex [$root selectNodes {//body}] 0] + foreach n [$b childNodes] { + append html [$n asHTML] + } + return [string map [list "\0&#\0" &#] $html] } - return $html - } } set frag $html_fragment