From 88816a401567aa1a145514695433dfdef588a4f0 Mon Sep 17 00:00:00 2001
From: Albert S <mail@quitesimple.org>
Date: Tue, 15 Jun 2021 18:21:47 +0200
Subject: [PATCH] utils: html_xss(): Add ' and &

They REALLY should have been there from the beginning...
---
 utils.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/utils.cpp b/utils.cpp
index 3df6306..7783e6d 100644
--- a/utils.cpp
+++ b/utils.cpp
@@ -46,6 +46,12 @@ std::string utils::html_xss(std::string_view str)
 		case '%':
 			result += "&#37;";
 			break;
+		case '\'':
+			result += "&#x27;";
+			break;
+		case '&':
+			result += "&amp;";
+			break;
 		default:
 			result += c;
 		}
@@ -93,7 +99,7 @@ std::vector<std::string> utils::split(const std::string &str, char delim)
 // TODO: can easily break if we pass a regex here
 std::vector<std::string> utils::split(const std::string &str, const std::string &delim)
 {
-	std::regex regex { delim + "+" };
+	std::regex regex{delim + "+"};
 	return split(str, regex);
 }