html_quote.c
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#include "squid.h"
10#include "html_quote.h"
11
12#if HAVE_STRING_H
13#include <string.h>
14#endif
15
16/*
17 * HTML defines these characters as special entities that should be quoted.
18 */
19static struct {
20 unsigned char code;
21 const char *quote;
23
24{
25 /* NOTE: The quoted form MUST not be larger than 6 character.
26 * see close to the MemPool commend below
27 */
28 {
29 '<', "&lt;"
30 },
31 {
32 '>', "&gt;"
33 },
34 {
35 '"', "&quot;"
36 },
37 {
38 '&', "&amp;"
39 },
40 {
41 '\'', "&#39;"
42 },
43 {
44 0, NULL
45 }
46};
47
48/*
49 * html_do_quote - Returns a static buffer containing the quoted
50 * string.
51 */
52char *
53html_quote(const char *string)
54{
55 static char *buf;
56 static size_t bufsize = 0;
57 const char *src;
58 char *dst;
59 int i;
60
61 /* XXX This really should be implemented using a MemPool, but
62 * MemPools are not yet available in lib...
63 */
64 if (buf == NULL || strlen(string) * 6 > bufsize) {
65 xfree(buf);
66 bufsize = strlen(string) * 6 + 1;
67 buf = xcalloc(bufsize, 1);
68 }
69 for (src = string, dst = buf; *src; src++) {
70 const char *escape = NULL;
71 const unsigned char ch = *src;
72
73 /* Walk thru the list of HTML Entities that must be quoted to
74 * display safely
75 */
76 for (i = 0; htmlstandardentities[i].code; i++) {
77 if (ch == htmlstandardentities[i].code) {
78 escape = htmlstandardentities[i].quote;
79 break;
80 }
81 }
82 /* Encode control chars just to be on the safe side, and make
83 * sure all 8-bit characters are encoded to protect from buggy
84 * clients
85 */
86 if (!escape && (ch <= 0x1F || ch >= 0x7f) && ch != '\n' && ch != '\r' && ch != '\t') {
87 static char dec_encoded[7];
88 snprintf(dec_encoded, sizeof dec_encoded, "&#%3d;", (int) ch);
89 escape = dec_encoded;
90 }
91 if (escape) {
92 /* Ok, An escaped form was found above. Use it */
93 strncpy(dst, escape, 7);
94 dst += strlen(escape);
95 } else {
96 /* Apparently there is no need to escape this character */
97 *dst++ = ch;
98 }
99 }
100 /* Nullterminate and return the result */
101 *dst = '\0';
102 return (buf);
103}
104
char * html_quote(const char *string)
Definition: html_quote.c:53
unsigned char code
Definition: html_quote.c:20
const char * quote
Definition: html_quote.c:21
static struct @21 htmlstandardentities[]
#define xfree
#define NULL
Definition: types.h:166
void * xcalloc(size_t n, size_t sz)
Definition: xalloc.cc:71

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors