f60abda45cb49359266843c7bbfbafe2a2bf2051
tdreszer
Thu Jul 22 13:02:08 2010 -0700
Extended htmlEncode to handle single quotes properly
diff --git src/lib/htmshell.c src/lib/htmshell.c
index 5852517..3ad714d 100644
--- src/lib/htmshell.c
+++ src/lib/htmshell.c
@@ -124,66 +124,41 @@
htmTextOut(stdout, s);
}
-char *htmlEncode(char *s)
-/* Return a clone of s but if necessary replacing > with > and the like */
-{
-size_t len = 0;
-char c;
-char *encStr;
-char *p = s;
-if (s == NULL) /* do not try to encode a NULL pointer */
- return NULL;
-/* First pass through s to determine encoded length to allocate: */
-/* [as a shortcut, we could simply allocate 6*length of s] */
-while ((c = *p++) != 0)
- {
- switch (c)
+char *htmlEncodeText(char *s,boolean tagsOkay)
+/* Returns a cloned string with quotes replaced by html codes.
+ Changes ',",\n and if not tagsOkay >,<,& to code equivalents.
+ This differs from cgiEncode as it handles text that will
+ be displayed in an html page or tooltip style title. */
+{
+int size = strlen(s) + 3; // Add some slop
+if(tagsOkay)
+ size += countChars(s,'\n') * 4;
+else
{
- case '>':
- case '<':
- len += 4;
- break;
- case '&':
- len += 5;
- break;
- case '"':
- len += 6;
- break;
- default:
- len++;
- break;
- }
+ size += countChars(s,'>' ) * 4;
+ size += countChars(s,'<' ) * 4;
+ size += countChars(s,'&' ) * 5;
+ size += countChars(s,'\n') * 6;
}
-encStr = needMem(len+1);
-/* Second pass through s to encode: */
-len = 0;
-p = s;
-while ((c = *p++) != 0)
- {
- switch (c)
+size += countChars(s,'"' ) * 6;
+size += countChars(s,'\'') * 5;
+char *cleanQuote = needMem(size);
+safecpy(cleanQuote,size,s);
+
+// NOTE: While some internal HTML should work, a single quote (') will will screw it up!
+if(tagsOkay)
+ strSwapStrs(cleanQuote, size,"\n","
" ); // new lines also break the html
+else
{
- case '>':
- strcat(encStr+len, ">");
- len += 4;
- break;
- case '<':
- strcat(encStr+len, "<");
- len += 4;
- break;
- case '&':
- strcat(encStr+len, "&");
- len += 5;
- break;
- case '"':
- strcat(encStr+len, """);
- len += 6;
- break;
- default:
- encStr[len++] = c;
- break;
+ strSwapStrs(cleanQuote, size,"&" ,"&" ); // '&' is not the start of a control char
+ strSwapStrs(cleanQuote, size,">" ,">" ); // '>' is not the close of a tag
+ strSwapStrs(cleanQuote, size,"<" ,"<" ); // '<' is not the open of a tag
+ strSwapStrs(cleanQuote, size,"\n","|"); // new lines replaced with '|' for lack of a better alternative
}
- }
-return encStr;
+strSwapStrs(cleanQuote, size,"\"","""); // Shield double quotes
+strSwapStrs(cleanQuote, size,"'" ,"'" ); // Shield single quotes
+
+return cleanQuote;
}
@@ -249,14 +224,11 @@
htmlWarnBoxSetup(stdout); // sets up the warnBox if it hasn't already been done.
char warning[1024];
vsnprintf(warning,sizeof(warning),format, args);
-// NOTE: While some internal HTML should work, a single quote (') will will screw it all up!
-if( strSwapStrs(warning, sizeof(warning),"'","'") == -1) // Sheild single quotes
- strSwapChar(warning,'\'','`'); // ran out of memory, replacing them with (`)
-if( strSwapStrs(warning, sizeof(warning),"\n","
") == -1) // new lines also break the code
- strSwapChar(warning,'\n',' '); // ran out of memory, replacing them with ( )
+char *encodedMessage = htmlEncodeText(warning,TRUE); // NOTE: While some internal HTML should work, a single quote (') will will screw it all up!
printf("\n",warning); // NOTE that "--ERROR --" is needed at the end of this print!!
+ "warnList.innerHTML += '%s';}\n",encodedMessage); // NOTE that "--ERROR --" is needed at the end of this print!!
+freeMem(encodedMessage);
/* Log useful CGI info to stderr */
logCgiToStderr();