aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Lukas Fleischer <cgit@cryptocrack.de>2011-05-25 03:38:40 (JST)
committerGravatar Lars Hjemli <hjemli@gmail.com>2011-05-31 06:55:19 (JST)
commit69382320d96232ee8c73e664797da61e733c2427 (patch)
tree7f1d53505859cc6e15b261249a22d1604b3cd037
parentec79265f2053e6dc20e0ec486719f5954d2be83d (diff)
downloadcgit-69382320d96232ee8c73e664797da61e733c2427.zip
cgit-69382320d96232ee8c73e664797da61e733c2427.tar.gz
Properly escape ampersands inside HTML attributes
Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat
-rw-r--r--html.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/html.c b/html.c
index a0f6db4..24a03a5 100644
--- a/html.c
+++ b/html.c
@@ -138,7 +138,7 @@ void html_attr(const char *txt)
138 const char *t = txt; 138 const char *t = txt;
139 while(t && *t){ 139 while(t && *t){
140 int c = *t; 140 int c = *t;
141 if (c=='<' || c=='>' || c=='\'' || c=='\"') { 141 if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') {
142 html_raw(txt, t - txt); 142 html_raw(txt, t - txt);
143 if (c=='>') 143 if (c=='>')
144 html("&gt;"); 144 html("&gt;");
@@ -148,6 +148,8 @@ void html_attr(const char *txt)
148 html("&#x27;"); 148 html("&#x27;");
149 else if (c=='"') 149 else if (c=='"')
150 html("&quot;"); 150 html("&quot;");
151 else if (c=='&')
152 html("&amp;");
151 txt = t+1; 153 txt = t+1;
152 } 154 }
153 t++; 155 t++;
generated by cgit v0.10.1 at 2025-10-26 01:42:13 (JST)