authorLukas Fleischer <cgit@cryptocrack.de>2011-05-24 18:38:40 (UTC)
committer Lars Hjemli <hjemli@gmail.com>2011-05-30 21:55:19 (UTC)
commit69382320d96232ee8c73e664797da61e733c2427 (patch) (side-by-side diff)
tree7f1d53505859cc6e15b261249a22d1604b3cd037
parentec79265f2053e6dc20e0ec486719f5954d2be83d (diff)
Properly escape ampersands inside HTML attributes
Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--html.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/html.c b/html.c
index a0f6db4..24a03a5 100644
--- a/html.c
+++ b/html.c
@@ -45,202 +45,204 @@ char *fmt(const char *format, ...)
{
static char buf[8][1024];
static int bufidx;
int len;
va_list args;
bufidx++;
bufidx &= 7;
va_start(args, format);
len = vsnprintf(buf[bufidx], sizeof(buf[bufidx]), format, args);
va_end(args);
if (len>sizeof(buf[bufidx])) {
fprintf(stderr, "[html.c] string truncated: %s\n", format);
exit(1);
}
return buf[bufidx];
}
void html_raw(const char *data, size_t size)
{
write(htmlfd, data, size);
}
void html(const char *txt)
{
write(htmlfd, txt, strlen(txt));
}
void htmlf(const char *format, ...)
{
static char buf[65536];
va_list args;
va_start(args, format);
vsnprintf(buf, sizeof(buf), format, args);
va_end(args);
html(buf);
}
void html_status(int code, const char *msg, int more_headers)
{
htmlf("Status: %d %s\n", code, msg);
if (!more_headers)
html("\n");
}
void html_txt(const char *txt)
{
const char *t = txt;
while(t && *t){
int c = *t;
if (c=='<' || c=='>' || c=='&') {
html_raw(txt, t - txt);
if (c=='>')
html("&gt;");
else if (c=='<')
html("&lt;");
else if (c=='&')
html("&amp;");
txt = t+1;
}
t++;
}
if (t!=txt)
html(txt);
}
void html_ntxt(int len, const char *txt)
{
const char *t = txt;
while(t && *t && len--){
int c = *t;
if (c=='<' || c=='>' || c=='&') {
html_raw(txt, t - txt);
if (c=='>')
html("&gt;");
else if (c=='<')
html("&lt;");
else if (c=='&')
html("&amp;");
txt = t+1;
}
t++;
}
if (t!=txt)
html_raw(txt, t - txt);
if (len<0)
html("...");
}
void html_attr(const char *txt)
{
const char *t = txt;
while(t && *t){
int c = *t;
- if (c=='<' || c=='>' || c=='\'' || c=='\"') {
+ if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') {
html_raw(txt, t - txt);
if (c=='>')
html("&gt;");
else if (c=='<')
html("&lt;");
else if (c=='\'')
html("&#x27;");
else if (c=='"')
html("&quot;");
+ else if (c=='&')
+ html("&amp;");
txt = t+1;
}
t++;
}
if (t!=txt)
html(txt);
}
void html_url_path(const char *txt)
{
const char *t = txt;
while(t && *t){
int c = *t;
const char *e = url_escape_table[c];
if (e && c!='+' && c!='&') {
html_raw(txt, t - txt);
html(e);
txt = t+1;
}
t++;
}
if (t!=txt)
html(txt);
}
void html_url_arg(const char *txt)
{
const char *t = txt;
while(t && *t){
int c = *t;
const char *e = url_escape_table[c];
if (c == ' ')
e = "+";
if (e) {
html_raw(txt, t - txt);
html(e);
txt = t+1;
}
t++;
}
if (t!=txt)
html(txt);
}
void html_hidden(const char *name, const char *value)
{
html("<input type='hidden' name='");
html_attr(name);
html("' value='");
html_attr(value);
html("'/>");
}
void html_option(const char *value, const char *text, const char *selected_value)
{
html("<option value='");
html_attr(value);
html("'");
if (selected_value && !strcmp(selected_value, value))
html(" selected='selected'");
html(">");
html_txt(text);
html("</option>\n");
}
void html_link_open(const char *url, const char *title, const char *class)
{
html("<a href='");
html_attr(url);
if (title) {
html("' title='");
html_attr(title);
}
if (class) {
html("' class='");
html_attr(class);
}
html("'>");
}
void html_link_close(void)
{
html("</a>");
}
void html_fileperm(unsigned short mode)
{
htmlf("%c%c%c", (mode & 4 ? 'r' : '-'),
(mode & 2 ? 'w' : '-'), (mode & 1 ? 'x' : '-'));
}
int html_include(const char *filename)
{
FILE *f;
char buf[4096];
size_t len;