[utils] Escape all HTML entities written in hexadecimal form

9 years ago · 91757b0f37
parent fbfcc2972b
commit 91757b0f37
2 changed files with 3 additions and 1 deletions
--- a/test/test_utils.py
+++ b/test/test_utils.py
@ -200,6 +200,8 @@ class TestUtil(unittest.TestCase):

    def test_unescape_html(self):
        self.assertEqual(unescapeHTML('%20;'), '%20;')
+        self.assertEqual(unescapeHTML('&#x2F;'), '/')
+        self.assertEqual(unescapeHTML('&#47;'), '/')
        self.assertEqual(
            unescapeHTML('&eacute;'), 'é')

--- a/youtube_dl/utils.py
+++ b/youtube_dl/utils.py
@ -348,7 +348,7 @@ def _htmlentity_transform(entity):
    if entity in compat_html_entities.name2codepoint:
        return compat_chr(compat_html_entities.name2codepoint[entity])

-    mobj = re.match(r'#(x?[0-9]+)', entity)
+    mobj = re.match(r'#(x[0-9a-fA-F]+|[0-9]+)', entity)
    if mobj is not None:
        numstr = mobj.group(1)
        if numstr.startswith('x'):