html.c: use correct escaping in html attributes

First, an apostrophe is not a quote. Second, we also need to escape
quotes. And finally, quotes are encoded as '&quot;', not '&quote;'.

Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
Lars Hjemli 2009-01-29 22:21:15 +01:00
parent ba75f6613e
commit 7efcef00b5

6
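--- a/html.c
+++ b/html.c
@@ -112,14 +112,16 @@ void html_attr(char *txt)
 char *t = txt;
 while(t && *t){
 int c = *t;
-if (c=='<' || c=='>' || c=='\'') {
+if (c=='<' || c=='>' || c=='\'' || c=='\"') {
 write(htmlfd, txt, t - txt);
 if (c=='>')
 html("&gt;");
 else if (c=='<')
 html("&lt;");
 else if (c=='\'')
-html("&quote;");
+html("&#x27;");
+else if (c=='"')
+html("&quot;");
 txt = t+1;
 }
 t++;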
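Review bot: The escaped set in the new `if (c=='<' || c=='>' || c=='\'' || c=='\"')` condition still omits `&`, so an ampersand in attribute text is written through unchanged. With both quote characters now encoded the value can no longer close the attribute, but the browser will still decode any entity-like sequence in the raw text, so a value containing the characters `&lt;` or `&copy` is read back as something other than what was passed in. I would add `|| c=='&'` to the condition and `else if (c=='&') html("&amp;");` to the chain, so that the function is a complete attribute encoder. The body of html_attr starts and ends outside this hunk, so the flush of the trailing text and the unchecked `write()` return could not be reviewed from here.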