Properly escape ampersands inside HTML attributes

Ampersands ("&") appearing inside HTML attributes need to be translated
to "&". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
Lukas Fleischer 2011-05-24 20:38:40 +02:00 committed by Lars Hjemli
parent ec79265f20
commit 69382320d9

4
html.c
View File

@ -138,7 +138,7 @@ void html_attr(const char *txt)
const char *t = txt;
while(t && *t){
int c = *t;
if (c=='<' || c=='>' || c=='\'' || c=='\"') {
if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') {
html_raw(txt, t - txt);
if (c=='>')
html("&gt;");
@ -148,6 +148,8 @@ void html_attr(const char *txt)
html("&#x27;");
else if (c=='"')
html("&quot;");
else if (c=='&')
html("&amp;");
txt = t+1;
}
t++;