author | Lars Hjemli <hjemli@gmail.com> | 2008-10-05 10:49:46 (UTC) |
---|---|---|
committer | Lars Hjemli <hjemli@gmail.com> | 2008-10-05 10:49:46 (UTC) |
commit | a36a0d9dec8a3ba79501d2526d648e44306f0fdd (patch) (unidiff) | |
tree | ab9a6b2a0fc413887fb3fc1ddfd4fce54e26b599 /html.c | |
parent | f82b19407dd876e6c02a572615bf34b09f6fa831 (diff) | |
download | cgit-a36a0d9dec8a3ba79501d2526d648e44306f0fdd.zip cgit-a36a0d9dec8a3ba79501d2526d648e44306f0fdd.tar.gz cgit-a36a0d9dec8a3ba79501d2526d648e44306f0fdd.tar.bz2 |
html.c: add html_url_arg
This function can be used to properly escape querystring parameter values.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r-- | html.c | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -123,16 +123,32 @@ void html_attr(char *txt) | |||
123 | txt = t+1; | 123 | txt = t+1; |
124 | } | 124 | } |
125 | t++; | 125 | t++; |
126 | } | 126 | } |
127 | if (t!=txt) | 127 | if (t!=txt) |
128 | html(txt); | 128 | html(txt); |
129 | } | 129 | } |
130 | 130 | ||
131 | void html_url_arg(char *txt) | ||
132 | { | ||
133 | char *t = txt; | ||
134 | while(t && *t){ | ||
135 | int c = *t; | ||
136 | if (c=='"' || c=='#' || c=='%' || c=='&' || c=='\'' || c=='+' || c=='?') { | ||
137 | write(htmlfd, txt, t - txt); | ||
138 | write(htmlfd, fmt("%%%2x", c), 3); | ||
139 | txt = t+1; | ||
140 | } | ||
141 | t++; | ||
142 | } | ||
143 | if (t!=txt) | ||
144 | html(txt); | ||
145 | } | ||
146 | |||
131 | void html_hidden(char *name, char *value) | 147 | void html_hidden(char *name, char *value) |
132 | { | 148 | { |
133 | html("<input type='hidden' name='"); | 149 | html("<input type='hidden' name='"); |
134 | html_attr(name); | 150 | html_attr(name); |
135 | html("' value='"); | 151 | html("' value='"); |
136 | html_attr(value); | 152 | html_attr(value); |
137 | html("'/>"); | 153 | html("'/>"); |
138 | } | 154 | } |