mirror of
https://git.zx2c4.com/cgit
synced 2024-12-22 15:11:53 +00:00
html.c: use correct escaping in html attributes
First, an apostrophe is not a quote. Second, we also need to escape quotes. And finally, quotes are encoded as '&quot;', not '&quote;'. Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
parent
ba75f6613e
commit
7efcef00b5
6
html.c
6
html.c
@ -112,14 +112,16 @@ void html_attr(char *txt)
|
||||
char *t = txt;
|
||||
while(t && *t){
|
||||
int c = *t;
|
||||
if (c=='<' || c=='>' || c=='\'') {
|
||||
if (c=='<' || c=='>' || c=='\'' || c=='\"') {
|
||||
write(htmlfd, txt, t - txt);
|
||||
if (c=='>')
|
||||
html(">");
|
||||
else if (c=='<')
|
||||
html("<");
|
||||
else if (c=='\'')
|
||||
html(""e;");
|
||||
html("'");
|
||||
else if (c=='"')
|
||||
html(""");
|
||||
txt = t+1;
|
||||
}
|
||||
t++;
|
||||
|
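Review bot: The widened condition in html_attr() still leaves out `&`, so an ampersand in an attribute value is written through unescaped, and text such as `a&lt;b` or a URL whose query string contains `&copy=` will be read back by the browser as a character reference instead of the literal bytes. Extend the test to `if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') {` and add a matching branch `else if (c=='&') html("&amp;");`. The rest of html_attr() lies outside the hunk, so this assumes the trailing flush after the loop writes the remainder verbatim. The page rendering has decoded the entity strings inside the `html(...)` calls, so the exact replacement chosen for the apostrophe cannot be checked from here.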