From 27bd6c0b18318a9c43801409bbababf2ceb6302e Mon Sep 17 00:00:00 2001
From: John MacFarlane <jgm@berkeley.edu>
Date: Thu, 4 Dec 2014 23:13:54 -0800
Subject: Moved source files from src/html into src.

The separate directory presents problems for some simple
extension building systems, like luarocks.
---
 src/houdini_html_e.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 src/houdini_html_e.c

(limited to 'src/houdini_html_e.c')

diff --git a/src/houdini_html_e.c b/src/houdini_html_e.c
new file mode 100644
index 0000000..db5034b
--- /dev/null
+++ b/src/houdini_html_e.c
@@ -0,0 +1,81 @@
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "houdini.h"
+
+/**
+ * According to the OWASP rules:
+ *
+ * & --> &amp;
+ * < --> &lt;
+ * > --> &gt;
+ * " --> &quot;
+ * ' --> &#x27;     &apos; is not recommended
+ * / --> &#x2F;     forward slash is included as it helps end an HTML entity
+ *
+ */
+static const char HTML_ESCAPE_TABLE[] = {
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+};
+
+static const char *HTML_ESCAPES[] = {
+        "",
+        "&quot;",
+        "&amp;",
+        "&#39;",
+        "&#47;",
+        "&lt;",
+        "&gt;"
+};
+
+int
+houdini_escape_html0(strbuf *ob, const uint8_t *src, size_t size, int secure)
+{
+	size_t  i = 0, org, esc = 0;
+
+	while (i < size) {
+		org = i;
+		while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
+			i++;
+
+		if (i > org)
+			strbuf_put(ob, src + org, i - org);
+
+		/* escaping */
+		if (unlikely(i >= size))
+			break;
+
+		/* The forward slash is only escaped in secure mode */
+		if ((src[i] == '/' || src[i] == '\'') && !secure) {
+			strbuf_putc(ob, src[i]);
+		} else {
+			strbuf_puts(ob, HTML_ESCAPES[esc]);
+		}
+
+		i++;
+	}
+
+	return 1;
+}
+
+int
+houdini_escape_html(strbuf *ob, const uint8_t *src, size_t size)
+{
+	return houdini_escape_html0(ob, src, size, 1);
+}
-- 
cgit v1.2.3