From 7301073466281a20695db7bf02ea38ec6684d52a Mon Sep 17 00:00:00 2001 From: Titus Wormer Date: Mon, 24 Oct 2022 11:19:10 +0200 Subject: [PATCH] Fix to remove non-terminated character references Related-to: remarkjs/remark#913. --- dev/lib/html.js | 17 ++++++++++++++--- test/index.js | 18 ++++++++++++++++++ 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/dev/lib/html.js b/dev/lib/html.js index 834353a..656a450 100644 --- a/dev/lib/html.js +++ b/dev/lib/html.js @@ -131,7 +131,12 @@ export function directiveHtml(options = {}) { /** @type {Attribute[]} */ // @ts-expect-error const attributes = this.getData('directiveAttributes') - attributes.push(['id', parseEntities(this.sliceSerialize(token))]) + attributes.push([ + 'id', + parseEntities(this.sliceSerialize(token), { + attribute: true + }) + ]) } /** @type {_Handle} */ @@ -140,7 +145,12 @@ export function directiveHtml(options = {}) { // @ts-expect-error const attributes = this.getData('directiveAttributes') - attributes.push(['class', parseEntities(this.sliceSerialize(token))]) + attributes.push([ + 'class', + parseEntities(this.sliceSerialize(token), { + attribute: true + }) + ]) } /** @type {_Handle} */ @@ -160,7 +170,8 @@ export function directiveHtml(options = {}) { // @ts-expect-error const attributes = this.getData('directiveAttributes') attributes[attributes.length - 1][1] = parseEntities( - this.sliceSerialize(token) + this.sliceSerialize(token), + {attribute: true} ) } diff --git a/test/index.js b/test/index.js index 75b364a..86ff9f1 100644 --- a/test/index.js +++ b/test/index.js @@ -1347,6 +1347,24 @@ test('content', (t) => { 'should support unknown character references in attribute values' ) + t.equal( + micromark(':a{href=¶m}', options({'*': h})), + '
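Review bot: The call `parseEntities(this.sliceSerialize(token), {attribute: true})` now appears three times in dev/lib/html.js (the `'id'` push, the `'class'` push and the `attributes[attributes.length - 1][1]` assignment), with no comment saying why attribute mode is needed. A call site that lacks the option is the defect this commit fixes, so one shared helper, `const decodeAttribute = (value) => parseEntities(value, {attribute: true})`, would keep the handlers from drifting apart again. Above it I would add `// Attribute mode: a named reference without ";" that is followed by "=" or an alphanumeric stays literal, as in HTML attribute values.` (my reading of the parse-entities option; confirm against its documentation). The three handler bodies start outside the hunks, so it is worth checking the rest of the file for any other `parseEntities` call that builds attribute data.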

', + 'should not support non-terminated character references in unquoted attribute values' + ) + + t.equal( + micromark(':a{href="¶m"}', options({'*': h})), + '

', + 'should not support non-terminated character references in double quoted attribute values' + ) + + t.equal( + micromark(":a{href='¶m'}", options({'*': h})), + '

', + 'should not support non-terminated character references in single quoted attribute values' + ) + t.equal( micromark(':span{a\nb}', options({'*': h})), '

',
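Review bot: All three added assertions use the `href=` key/value form (unquoted, double quoted, single quoted), while the same commit also changes the `'id'` and `'class'` handlers in dev/lib/html.js, which get no test here. If the `#` and `.` shortcuts accept an ampersand (not visible from this hunk), add cases such as `micromark(':a{#&param}', options({'*': h}))` and `micromark(':a{.&param}', options({'*': h}))` that assert the `&` stays literal in the output. The inputs show on this page as `¶m`, presumably `&param` in the file, and the expected-output strings are missing from the page, so the assertions cannot be checked from here. The enclosing `test('content', …)` block starts and ends outside the hunk.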