diff options
| author | John MacFarlane <jgm@berkeley.edu> | 2014-12-04 23:13:54 -0800 |
|---|---|---|
| committer | John MacFarlane <jgm@berkeley.edu> | 2014-12-04 23:13:54 -0800 |
| commit | 27bd6c0b18318a9c43801409bbababf2ceb6302e (patch) | |
| tree | 9a0bf89df4ffc1e47346c6958e62d193f918c660 /src/html/houdini_html_e.c | |
| parent | ed17cfc71a19e614a437581b6991a43d06ca6e01 (diff) | |
Moved source files from src/html into src.
The separate directory presents problems for some simple
extension building systems, like luarocks.
Diffstat (limited to 'src/html/houdini_html_e.c')
| -rw-r--r-- | src/html/houdini_html_e.c | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/src/html/houdini_html_e.c b/src/html/houdini_html_e.c deleted file mode 100644 index f2e86fe..0000000 --- a/src/html/houdini_html_e.c +++ /dev/null @@ -1,81 +0,0 @@ -#include <assert.h> -#include <stdio.h> -#include <string.h> - -#include "html/houdini.h" - -/** - * According to the OWASP rules: - * - * & --> & - * < --> < - * > --> > - * " --> " - * ' --> ' ' is not recommended - * / --> / forward slash is included as it helps end an HTML entity - * - */ -static const char HTML_ESCAPE_TABLE[] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -}; - -static const char *HTML_ESCAPES[] = { - "", - """, - "&", - "'", - "/", - "<", - ">" -}; - -int -houdini_escape_html0(strbuf *ob, const uint8_t *src, size_t size, int secure) -{ - size_t i = 0, org, esc = 0; - - while (i < size) { - org = i; - while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0) - i++; - - if (i > org) - strbuf_put(ob, src + org, i - org); - - /* escaping */ - if (unlikely(i >= size)) - break; - - /* The forward slash is only escaped in secure mode */ - if ((src[i] == '/' || src[i] == '\'') && !secure) { - strbuf_putc(ob, src[i]); - } else { - strbuf_puts(ob, HTML_ESCAPES[esc]); - } - - i++; - } - - return 1; -} - -int -houdini_escape_html(strbuf *ob, const uint8_t *src, size_t size) -{ - return houdini_escape_html0(ob, src, size, 1); -} |