From 4765f56c44e89dba3e1227b902c7954fc9e09b9a Mon Sep 17 00:00:00 2001
From: Erik Mogensen <erma@escenic.com>
Date: Fri, 28 Sep 2018 14:32:59 +0200
Subject: [PATCH] (breaking) Throw errors when invalid entities are
 encountered.

This is more in line with standard XML parsers.
---
 lib/escape.js       | 5 ++++-
 test/escape-test.js | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/escape.js b/lib/escape.js
index 90f15e3b..301692ff 100644
--- a/lib/escape.js
+++ b/lib/escape.js
@@ -38,7 +38,10 @@ function unescapeXMLReplace (match) {
     }
     throw new Error('Illegal XML character 0x' + num.toString(16))
   }
-  return unescapeXMLTable[match] || match
+  if (unescapeXMLTable[match]) {
+    return unescapeXMLTable[match] || match
+  }
+  throw new Error('Illegal XML entity ' + match)
 }
 
 exports.escapeXML = function escapeXML (s) {
diff --git a/test/escape-test.js b/test/escape-test.js
index e9d5248b..c09593a0 100644
--- a/test/escape-test.js
+++ b/test/escape-test.js
@@ -49,8 +49,8 @@ vows.describe('escape').addBatch({
     'unescapes \'': function () {
       assert.strictEqual(unescapeXML('&apos;'), '\'')
     },
-    'leaves invalid entities alone': function () {
-      assert.strictEqual(unescapeXML('&foobar;'), '&foobar;')
+    'throws on invalid entities': function () {
+      assert.throws(() => unescapeXML('&foobar;'), Error, 'Illegal XML entity &foobar;')
     },
     'unescapes numeric entities': function () {
       assert.strictEqual(unescapeXML('&#64;'), '@')