summaryrefslogtreecommitdiffabout
authorLukas Fleischer <cgit@cryptocrack.de>2011-05-24 18:38:40 (UTC)
committer Lars Hjemli <hjemli@gmail.com>2011-05-30 21:55:19 (UTC)
commit69382320d96232ee8c73e664797da61e733c2427 (patch) (side-by-side diff)
tree7f1d53505859cc6e15b261249a22d1604b3cd037
parentec79265f2053e6dc20e0ec486719f5954d2be83d (diff)
downloadcgit-69382320d96232ee8c73e664797da61e733c2427.zip
cgit-69382320d96232ee8c73e664797da61e733c2427.tar.gz
cgit-69382320d96232ee8c73e664797da61e733c2427.tar.bz2
Properly escape ampersands inside HTML attributes
Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--html.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/html.c b/html.c
index a0f6db4..24a03a5 100644
--- a/html.c
+++ b/html.c
@@ -135,22 +135,24 @@ void html_ntxt(int len, const char *txt)
void html_attr(const char *txt)
{
const char *t = txt;
while(t && *t){
int c = *t;
- if (c=='<' || c=='>' || c=='\'' || c=='\"') {
+ if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') {
html_raw(txt, t - txt);
if (c=='>')
html("&gt;");
else if (c=='<')
html("&lt;");
else if (c=='\'')
html("&#x27;");
else if (c=='"')
html("&quot;");
+ else if (c=='&')
+ html("&amp;");
txt = t+1;
}
t++;
}
if (t!=txt)
html(txt);