html.c: use correct escaping in html attributes

First, an apostrophe is not a quote. Second, we also need to escape
quotes. And finally, quotes are encoded as '"', not '&quote;'.

Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
Lars Hjemli 2009-01-29 22:21:15 +01:00
vanhempi ba75f6613e
commit 7efcef00b5

6
html.c
Näytä tiedosto

@ -112,14 +112,16 @@ void html_attr(char *txt)
char *t = txt;
while(t && *t){
int c = *t;
if (c=='<' || c=='>' || c=='\'') {
if (c=='<' || c=='>' || c=='\'' || c=='\"') {
write(htmlfd, txt, t - txt);
if (c=='>')
html("&gt;");
else if (c=='<')
html("&lt;");
else if (c=='\'')
html("&quote;");
html("&#x27;");
else if (c=='"')
html("&quot;");
txt = t+1;
}
t++;