2c2
< index 970436c..35d3b33 100644
---
> index 970436c..dbeaf26 100644
11c11
< +      return $class::decodeInvalidNumericEntities($matches, $class);
---
> +      return $class::decode($matches, $class);
17c17
< @@ -132,5 +137,129 @@ public static function placeholder($text) {
---
> @@ -132,5 +137,133 @@ public static function placeholder($text) {
36c36
< +  protected static function decodeInvalidNumericEntities($match, $class) {
---
> +  protected static function decode($match, $class) {
44c44,48
< +    if ($code < 0x110000 && !$class::unicodeCpIsAllowed($code, ENT_HTML401)) {
---
> +    //parse is failed or $code = &#0000;
> +    if (!$code) {
> +      return '\0';
> +    }
> +    if (!$class::unicodeCpIsAllowed($code, ENT_HTML401)) {
49c53
< +
---
>  
85c89
<  
---
> +
120c124
< +  public static function unicodeCpIsAllowed($uni_cp, $document_type) {
---
> +  protected static function unicodeCpIsAllowed($uni_cp, $document_type) {
164,196d167
< diff --git a/core/tests/Drupal/Tests/Component/Utility/StringTest.php b/core/tests/Drupal/Tests/Component/Utility/StringTest.php
< index 358ee2d..1f3e4c1 100644
< --- a/core/tests/Drupal/Tests/Component/Utility/StringTest.php
< +++ b/core/tests/Drupal/Tests/Component/Utility/StringTest.php
< @@ -141,4 +141,28 @@ public function providerDecodeEntities() {
<      );
<    }
<  
< +  /**
< +   * Tests String::decodeEntities()
< +   *
< +   * @covers ::decodeInvalidNumericEntities, ::unicodeCpIsAllowed, ::utf8
< +   */
< +  public function testDecodeInvalidEntities() {
< +    $convmap = array(0x0, 0x10FFFF, 0, 0x1FFFFF);
< +    for ($cp=0; $cp<0x10FFFF; $cp++) {
< +      $input = "&#". (string)$cp. ";";
< +      $output = String::decodeEntities($input);
< +      $output_prev = html_entity_decode($input, ENT_QUOTES, 'UTF-8');
< +      if ($output_prev === $input) {
< +        $this->assertFalse(String::unicodeCpIsAllowed($cp, ENT_HTML401), $input." was not decoded native");
< +      }
< +      else {
< +        $this->assertTrue(String::unicodeCpIsAllowed($cp, ENT_HTML401), $input." was decoded not native");
< +      }
< +      if (function_exists('mb_decode_numericentity')) {
< +        $expected_output = mb_decode_numericentity($input, $convmap, 'UTF-8');
< +        $this->assertSame($expected_output, $output, $input. " wrong decoded");
< +      }
< +
< +    }
< +  }
<  }