2817400f77ca691cedbc23df32154f00c0a4a77f
galt
  Wed Aug 17 22:14:46 2016 -0700
This commit refs #17815, #17782. Addressing XSS issues in warn and errAbort via new htmlSafef and encoding for several cases including html, attribute, css, js, url or none. Encoding approach is based on OWASP recommendations.

diff --git src/inc/htmshell.h src/inc/htmshell.h
index 277a7b0..d150990 100644
--- src/inc/htmshell.h
+++ src/inc/htmshell.h
@@ -43,38 +43,37 @@
 void htmHorizontalLine(FILE *f);
 /* Print a horizontal line. */
 
 void htmTextOut(FILE *f, char *s);
 /* Print out string to file, if necessary replacing > with > and the like */
 
 void htmlTextOut(char *s);
 /* Print out string, if necessary replacing > with > and the like */
 
 char *htmlTextStripTags(char *s);
 /* Returns a cloned string with all html tags stripped out */
 
 char *htmlTextReplaceTagsWithChar(char *s, char ch);
 /* Returns a cloned string with all html tags replaced with given char (useful for tokenizing) */
 
-char *htmlEncodeText(char *s, boolean tagsOkay);
+char *htmlEncode(char *s);
 /* Returns a cloned string with quotes replaced by html codes.
-   Changes ',",\n and if not tagsOkay >,<,& to code equivalents.
+   Changes ',",\n and >,<,& to code equivalents.
    This differs from cgiEncode as it handles text that will
    be displayed in an html page or tooltip style title.  */
-#define htmlEncode(s) htmlEncodeText(s,FALSE)
 
-char *attributeEncode(char *str);
+char *attributeEncode(char *s);
 // encode double and single quotes in a string to be used as an element attribute
 
 void htmlMemDeath();
 /* Complain about lack of memory and abort.  */
 
 void htmlStart(char *title);
 /* Write the start of a cgi-generated html file */
 
 void htmStart(FILE *f, char *title);
 /* Write the start of a stand alone .html file. */
 
 void printBodyTag(FILE *f);
 // print starting BODY tag, including any appropriate attributes (class, background and bgcolor). 
 
 void htmStartWithHead(FILE *f, char *head, char *title);
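Review bot: The new htmlEncode comment still leaves ownership of the result undocumented: "Returns a cloned string" implies a heap allocation (presumably via cloneString, which is not visible here), but nothing tells the caller that the string must be freed, and the same gap exists for attributeEncode and the older htmlTextStripTags/htmlTextReplaceTagsWithChar declarations above it. Suggest appending `   Caller must freeMem the returned string. */` to the htmlEncode comment and a matching sentence to attributeEncode. It would also help to state in the htmlEncode comment which context the output is safe for (element text content, as opposed to attribute values, which attributeEncode covers), since the commit message says the encoding is context-specific and a caller picking the wrong one is exactly the XSS this change targets. Note that dropping the tagsOkay parameter means any caller that previously passed TRUE now has `<`, `>` and `&` encoded as well; whether all such callers were updated cannot be confirmed from this hunk.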
@@ -182,15 +181,40 @@
 void htmlNoEscape();
 
 /* tell htmlOut to escape special HTML chars '<', '>' */
 void htmlDoEscape();
 
 /* Do not output a http header for error messages. Makes sure that very early
  * errors are not shown back to the user but trigger a 500 error, */
 void htmlSuppressErrors();
 
 /* Include an HTML file in a CGI.
  *   The file path is relative to the web server document root */
 void htmlIncludeWebFile(char *file);
 
 /* Include an HTML file in a CGI */
 void htmlIncludeFile(char *path);
+
+/* ===== Html printf-style escaping functions ====== */
+
+int htmlSafefAbort(boolean noAbort, char *format, ...)
+/* handle noAbort stderror logging and errAbort */
+#ifdef __GNUC__
+__attribute__((format(printf, 2, 3)))
+#endif
+;
+
+int vaHtmlSafefNoAbort(char *buffer, int bufSize, char *format, va_list args, boolean noAbort);
+/* VarArgs Format string to buffer, vsprintf style, only with buffer overflow
+ * checking.  The resulting string is always terminated with zero byte.
+ * Automatically escapes string values.
+ * This function should be efficient on statements with many strings to be escaped. */
+
+int htmlSafef(char *buffer, int bufSize, char *format, ...)
+/* Format string to buffer, vsprintf style, only with buffer overflow
+ * checking.  The resulting string is always terminated with zero byte. 
+ * Escapes string parameters. */
+#ifdef __GNUC__
+__attribute__((format(printf, 3, 4)))
+#endif
+;
+
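Review bot: The three new declarations describe "escaping string values" but never say which encoding is applied to a `%s` argument or how the format string selects between the html, attribute, css, js, url and none encodings the commit message lists; without that, a caller cannot know whether a value ends up correctly encoded for the context it is inserted into, which is the point of the change. Suggest a short paragraph under the "Html printf-style escaping functions" banner stating the default encoding for `%s`, the syntax used to request another context, and that raw (unescaped) substitution must be requested explicitly rather than being the default. The return value and the overflow behavior of htmlSafef and vaHtmlSafefNoAbort are also undocumented: "only with buffer overflow checking" does not say whether an oversize result aborts, truncates, or reports an error through the return value and the noAbort flag, so the comment should state it, e.g. `/* Returns the length written; if the result would not fit in bufSize it errAborts, or logs and returns -1 when noAbort is TRUE. */` adjusted to whatever the implementation actually does. Finally, vaHtmlSafefNoAbort uses va_list, so the header needs `<stdarg.h>` in scope; the include block is outside this hunk, so please confirm it is there. The comment on htmlSafefAbort reads "stderror"; "stderr" is presumably intended.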