html.c: use correct escaping in html attributes
First, an apostrophe is not a quote. Second, we also need to escape quotes. And finally, quotes are encoded as '&quot;', not '&quote;'. Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
parent
ba75f6613e
commit
7efcef00b5
6
html.c
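--- a/html.c
+++ b/html.c
@@ -112,14 +112,16 @@ void html_attr(char *txt)
 char *t = txt;
 while(t && *t){
 int c = *t;
-if (c=='<' || c=='>' || c=='\'') {
+if (c=='<' || c=='>' || c=='\'' || c=='\"') {
 write(htmlfd, txt, t - txt);
 if (c=='>')
 html(">");
 else if (c=='<')
 html("<");
 else if (c=='\'')
-html(""e;");
+html("'");
+else if (c=='"')
+html(""");
 txt = t+1;
 }
 t++;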
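Review bot: The widened test `if (c=='<' || c=='>' || c=='\'' || c=='\"')` still lets `&` through unescaped, so attribute text that already contains a character reference such as `&quot;` or `&#39;` is written raw and the browser decodes it into a different value than the one the caller supplied. Extending the test with `|| c=='&'` and adding a branch `else if (c=='&') html("&amp;");` would make the attribute encoding round-trip for all five characters that matter inside a quoted attribute. The string literals passed to `html()` appear entity-decoded by this page's rendering, so their exact spelling cannot be confirmed from here. `html_attr` begins before the hunk and its loop closes after it, so any handling outside these lines is not visible.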