author | Lars Hjemli <hjemli@gmail.com> | 2008-10-05 10:49:46 (UTC) |
---|---|---|
committer | Lars Hjemli <hjemli@gmail.com> | 2008-10-05 10:49:46 (UTC) |
commit | a36a0d9dec8a3ba79501d2526d648e44306f0fdd (patch) (side-by-side diff) | |
tree | ab9a6b2a0fc413887fb3fc1ddfd4fce54e26b599 | |
parent | f82b19407dd876e6c02a572615bf34b09f6fa831 (diff) | |
download | cgit-a36a0d9dec8a3ba79501d2526d648e44306f0fdd.zip cgit-a36a0d9dec8a3ba79501d2526d648e44306f0fdd.tar.gz cgit-a36a0d9dec8a3ba79501d2526d648e44306f0fdd.tar.bz2 |
html.c: add html_url_arg
This function can be used to properly escape querystring parameter values.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r-- | html.c | 16 | ||||
-rw-r--r-- | html.h | 1 |
2 files changed, 17 insertions, 0 deletions
@@ -128,6 +128,22 @@ void html_attr(char *txt) html(txt); } +void html_url_arg(char *txt) +{ + char *t = txt; + while(t && *t){ + int c = *t; + if (c=='"' || c=='#' || c=='%' || c=='&' || c=='\'' || c=='+' || c=='?') { + write(htmlfd, txt, t - txt); + write(htmlfd, fmt("%%%2x", c), 3); + txt = t+1; + } + t++; + } + if (t!=txt) + html(txt); +} + void html_hidden(char *name, char *value) { html("<input type='hidden' name='"); @@ -10,6 +10,7 @@ extern void html_status(int code, const char *msg, int more_headers); extern void html_txt(char *txt); extern void html_ntxt(int len, char *txt); extern void html_attr(char *txt); +extern void html_url_arg(char *txt); extern void html_hidden(char *name, char *value); extern void html_option(char *value, char *text, char *selected_value); extern void html_link_open(char *url, char *title, char *class); |