Properly escape ampersands inside HTML attributes

Ampersands ("&") appearing inside HTML attributes need to be translated to "&". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
author: Lukas Fleischer <cgit@cryptocrack.de> 2011-05-24 20:38:40 +0200
committer: Lars Hjemli <hjemli@gmail.com> 2011-05-30 23:55:19 +0200
commit: 69382320d96232ee8c73e664797da61e733c2427 (patch)
tree: 7f1d53505859cc6e15b261249a22d1604b3cd037 /html.c
parent: ec79265f2053e6dc20e0ec486719f5954d2be83d (diff)
download: cgit-69382320d96232ee8c73e664797da61e733c2427.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/html.c b/html.c
index a0f6db4..24a03a5 100644
--- a/html.c
+++ b/html.c
@@ -138,7 +138,7 @@ void html_attr(const char *txt)
          const char *t = txt;
          while(t && *t){
                  int c = *t;
-                if (c=='<' || c=='>' || c=='\'' || c=='\"') {
+                if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') {
                          html_raw(txt, t - txt);
                          if (c=='>')
                                  html("&gt;");
@@ -148,6 +148,8 @@ void html_attr(const char *txt)
                                  html("&#x27;");
                          else if (c=='"')
                                  html("&quot;");
+                        else if (c=='&')
+                                html("&amp;");
                          txt = t+1;
                  }
                  t++;
author	Lukas Fleischer <cgit@cryptocrack.de>	2011-05-24 20:38:40 +0200
committer	Lars Hjemli <hjemli@gmail.com>	2011-05-30 23:55:19 +0200
commit	69382320d96232ee8c73e664797da61e733c2427 (patch)
tree	7f1d53505859cc6e15b261249a22d1604b3cd037 /html.c
parent	ec79265f2053e6dc20e0ec486719f5954d2be83d (diff)
download	cgit-69382320d96232ee8c73e664797da61e733c2427.tar.gz