Diffstat (limited to 'src/html/houdini_html_e.c')
-rw-r--r-- | src/html/houdini_html_e.c | 81 |
1 files changed, 0 insertions, 81 deletions
diff --git a/src/html/houdini_html_e.c b/src/html/houdini_html_e.c
deleted file mode 100644
index f2e86fe..0000000
--- a/src/html/houdini_html_e.c
+++ /dev/null
@@ -1,81 +0,0 @@
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "html/houdini.h"
-
-/**
- * According to the OWASP rules:
- *
- * & --> &
- * < --> <
- * > --> >
- * " --> "
- * ' --> ' ' is not recommended
- * / --> / forward slash is included as it helps end an HTML entity
- *
- */
-static const char HTML_ESCAPE_TABLE[] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-};
-
-static const char *HTML_ESCAPES[] = {
- "",
- """,
- "&",
- "'",
- "/",
- "<",
- ">"
-};
-
-int
-houdini_escape_html0(strbuf *ob, const uint8_t *src, size_t size, int secure)
-{
- size_t i = 0, org, esc = 0;
-
- while (i < size) {
- org = i;
- while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
- i++;
-
- if (i > org)
- strbuf_put(ob, src + org, i - org);
-
- /* escaping */
- if (unlikely(i >= size))
- break;
-
- /* The forward slash is only escaped in secure mode */
- if ((src[i] == '/' || src[i] == '\'') && !secure) {
- strbuf_putc(ob, src[i]);
- } else {
- strbuf_puts(ob, HTML_ESCAPES[esc]);
- }
-
- i++;
- }
-
- return 1;
-}
-
-int
-houdini_escape_html(strbuf *ob, const uint8_t *src, size_t size)
-{
- return houdini_escape_html0(ob, src, size, 1);
-} |