all repos — cgit @ 7efcef00b5aadf22f5be80ecd7b736398cf7f6b4

a hyperfast web frontend for git written in c 

html.c: use correct escaping in html attributes

First, an apostrophe is not a quote. Second, we also need to escape
quotes. And finally, quotes are encoded as '"', not '&quote;'.

Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
Lars Hjemli hjemli@gmail.com
Thu, 29 Jan 2009 22:21:15 +0100
commit

7efcef00b5aadf22f5be80ecd7b736398cf7f6b4

parent

ba75f6613ebce2d716334d912932f1bd78ef124f

1 files changed, 4 insertions(+), 2 deletions(-)

jump to
M html.chtml.c 
@@ -112,14 +112,16 @@ {
 	char *t = txt;
 	while(t && *t){
 		int c = *t;
-		if (c=='<' || c=='>' || c=='\'') {
+		if (c=='<' || c=='>' || c=='\'' || c=='\"') {
 			write(htmlfd, txt, t - txt);
 			if (c=='>')
 				html("&gt;");
 			else if (c=='<')
 				html("&lt;");
 			else if (c=='\'')
-				html("&quote;");
+				html("&#x27;");
+			else if (c=='"')
+				html("&quot;");
 			txt = t+1;
 		}
 		t++;