html.c: use correct escaping in html attributes
First, an apostrophe is not a quote. Second, we also need to escape quotes. And finally, quotes are encoded as '&quot;', not '&quote;'. Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
父节点
ba75f6613e
当前提交
7efcef00b5
6
html.c
6
html.c
@ -112,14 +112,16 @@ void html_attr(char *txt)
|
||||
char *t = txt;
|
||||
while(t && *t){
|
||||
int c = *t;
|
||||
if (c=='<' || c=='>' || c=='\'') {
|
||||
if (c=='<' || c=='>' || c=='\'' || c=='\"') {
|
||||
write(htmlfd, txt, t - txt);
|
||||
if (c=='>')
|
||||
html(">");
|
||||
else if (c=='<')
|
||||
html("<");
|
||||
else if (c=='\'')
|
||||
html(""e;");
|
||||
html("'");
|
||||
else if (c=='"')
|
||||
html(""");
|
||||
txt = t+1;
|
||||
}
|
||||
t++;
|
||||
|
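Review bot: The widened condition in html_attr still lets `&` through unescaped, so any character reference in txt is decoded by the browser when it parses the attribute, and the value it sees differs from what the caller passed (in a URL-bearing attribute, a query string containing `&copy=` or `&lt=` would be altered). I would add it to the test, `if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') {`, and give it its own branch, `else if (c=='&')` followed by `html("&amp;");`. The string literals on this page are shown entity-decoded, so the exact entities the commit emits are inferred from the commit message, and the function's tail after the loop is outside the hunk.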