[thirdparty/squid.git] / lib / html_quote.c

/*
 * $Id: html_quote.c,v 1.5 2003/01/23 00:37:01 robertc Exp $
 * 
 * DEBUG:
 * AUTHOR: Robert Collins
 *
 * SQUID Web Proxy Cache          http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from
 *  the Internet community; see the CONTRIBUTORS file for full
 *  details.   Many organizations have provided support for Squid's
 *  development; see the SPONSORS file for full details.  Squid is
 *  Copyrighted (C) 2001 by the Regents of the University of
 *  California; see the COPYRIGHT file for full details.  Squid
 *  incorporates software developed and/or copyrighted by other
 *  sources; see the CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *  
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "config.h"

#if HAVE_STDIO_H
#include <stdio.h>
#endif
#if HAVE_STRING_H
#include <string.h>
#endif

#include "util.h"
#include "snprintf.h"

/*  
 *  HTML defines these characters as special entities that should be quoted.
 */
static struct {
    unsigned char code;
    const char *quote;
} htmlstandardentities[] =

{
    /* NOTE: The quoted form MUST not be larger than 6 character.
     * see close to the MemPool commend below
     */
    {
	'<', "&lt;"
    },
    {
	'>', "&gt;"
    },
    {
	'"', "&quot;"
    },
    {
	'&', "&amp;"
    },
    {
	'\'', "&#39;"
    },
    {
	0, NULL
    }
};

/*
 *  html_do_quote - Returns a static buffer containing the quoted 
 *  string.
 */
char *
html_quote(const char *string)
{
    static char *buf;
    static size_t bufsize = 0;
    const char *src;
    char *dst;
    int i;

    /* XXX This really should be implemented using a MemPool, but
     * MemPools are not yet available in lib...
     */
    if (buf == NULL || strlen(string) * 6 > bufsize) {
	xfree(buf);
	bufsize = strlen(string) * 6 + 1;
	buf = xcalloc(bufsize, 1);
    }
    for (src = string, dst = buf; *src; src++) {
	const char *escape = NULL;
	const unsigned char ch = *src;

	/* Walk thru the list of HTML Entities that must be quoted to
	 * display safely
	 */
	for (i = 0; htmlstandardentities[i].code; i++) {
	    if (ch == htmlstandardentities[i].code) {
		escape = htmlstandardentities[i].quote;
		break;
	    }
	}
	/* Encode control chars just to be on the safe side, and make
	 * sure all 8-bit characters are encoded to protect from buggy
	 * clients
	 */
	if (!escape && (ch <= 0x1F || ch >= 0x7f) && ch != '\n' && ch != '\r' && ch != '\t') {
	    static char dec_encoded[7];
	    snprintf(dec_encoded, sizeof dec_encoded, "&#%3d;", (int) ch);
	    escape = dec_encoded;
	}
	if (escape) {
	    /* Ok, An escaped form was found above. Use it */
	    strncpy(dst, escape, 6);
	    dst += strlen(escape);
	} else {
	    /* Apparently there is no need to escape this character */
	    *dst++ = ch;
	}
    }
    /* Nullterminate and return the result */
    *dst = '\0';
    return (buf);
}
Commit	Line	Data
d8f20e85	1	/*
528b2c61	2	* $Id: html_quote.c,v 1.5 2003/01/23 00:37:01 robertc Exp $
d8f20e85	3	*
	4	* DEBUG:
	5	* AUTHOR: Robert Collins
	6	*
2b6662ba	7	* SQUID Web Proxy Cache http://www.squid-cache.org/
d8f20e85	8	* ----------------------------------------------------------
d8f20e85	9	*
2b6662ba	10	* Squid is the result of efforts by numerous individuals from
	11	* the Internet community; see the CONTRIBUTORS file for full
	12	* details. Many organizations have provided support for Squid's
	13	* development; see the SPONSORS file for full details. Squid is
	14	* Copyrighted (C) 2001 by the Regents of the University of
	15	* California; see the COPYRIGHT file for full details. Squid
	16	* incorporates software developed and/or copyrighted by other
	17	* sources; see the CREDITS file for full details.
d8f20e85	18	*
	19	* This program is free software; you can redistribute it and/or modify
	20	* it under the terms of the GNU General Public License as published by
	21	* the Free Software Foundation; either version 2 of the License, or
	22	* (at your option) any later version.
	23	*
	24	* This program is distributed in the hope that it will be useful,
	25	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	26	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	27	* GNU General Public License for more details.
	28	*
	29	* You should have received a copy of the GNU General Public License
	30	* along with this program; if not, write to the Free Software
	31	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	32	*
	33	*/
	34
	35	#include "config.h"
	36
	37	#if HAVE_STDIO_H
	38	#include <stdio.h>
	39	#endif
	40	#if HAVE_STRING_H
	41	#include <string.h>
	42	#endif
	43
	44	#include "util.h"
	45	#include "snprintf.h"
	46
	47	/*
	48	* HTML defines these characters as special entities that should be quoted.
	49	*/
	50	static struct {
	51	unsigned char code;
e016fecf	52	const char *quote;
d8f20e85	53	} htmlstandardentities[] =
	54
	55	{
	56	/* NOTE: The quoted form MUST not be larger than 6 character.
	57	* see close to the MemPool commend below
	58	*/
	59	{
	60	'<', "<"
	61	},
	62	{
	63	'>', ">"
	64	},
	65	{
	66	'"', """
	67	},
	68	{
	69	'&', "&"
	70	},
	71	{
	72	'\'', "'"
	73	},
	74	{
	75	0, NULL
	76	}
	77	};
	78
	79	/*
	80	* html_do_quote - Returns a static buffer containing the quoted
	81	* string.
	82	*/
	83	char *
	84	html_quote(const char *string)
	85	{
	86	static char *buf;
	87	static size_t bufsize = 0;
	88	const char *src;
	89	char *dst;
	90	int i;
	91
	92	/* XXX This really should be implemented using a MemPool, but
	93	* MemPools are not yet available in lib...
	94	*/
	95	if (buf == NULL \|\| strlen(string) * 6 > bufsize) {
	96	xfree(buf);
	97	bufsize = strlen(string) * 6 + 1;
	98	buf = xcalloc(bufsize, 1);
	99	}
	100	for (src = string, dst = buf; *src; src++) {
e016fecf	101	const char *escape = NULL;
d8f20e85	102	const unsigned char ch = *src;
	103
	104	/* Walk thru the list of HTML Entities that must be quoted to
	105	* display safely
	106	*/
	107	for (i = 0; htmlstandardentities[i].code; i++) {
	108	if (ch == htmlstandardentities[i].code) {
	109	escape = htmlstandardentities[i].quote;
	110	break;
	111	}
	112	}
	113	/* Encode control chars just to be on the safe side, and make
	114	* sure all 8-bit characters are encoded to protect from buggy
	115	* clients
	116	*/
	117	if (!escape && (ch <= 0x1F \|\| ch >= 0x7f) && ch != '\n' && ch != '\r' && ch != '\t') {
	118	static char dec_encoded[7];
	119	snprintf(dec_encoded, sizeof dec_encoded, "&#%3d;", (int) ch);
	120	escape = dec_encoded;
	121	}
	122	if (escape) {
	123	/* Ok, An escaped form was found above. Use it */
	124	strncpy(dst, escape, 6);
	125	dst += strlen(escape);
	126	} else {
	127	/* Apparently there is no need to escape this character */
	128	*dst++ = ch;
	129	}
	130	}
	131	/* Nullterminate and return the result */
	132	*dst = '\0';
	133	return (buf);
	134	}