]>
Commit | Line | Data |
---|---|---|
d8f20e85 | 1 | /* |
2b6662ba | 2 | * $Id: html_quote.c,v 1.3 2001/01/12 00:37:12 wessels Exp $ |
d8f20e85 | 3 | * |
4 | * DEBUG: | |
5 | * AUTHOR: Robert Collins | |
6 | * | |
2b6662ba | 7 | * SQUID Web Proxy Cache http://www.squid-cache.org/ |
d8f20e85 | 8 | * ---------------------------------------------------------- |
9 | * | |
2b6662ba | 10 | * Squid is the result of efforts by numerous individuals from |
11 | * the Internet community; see the CONTRIBUTORS file for full | |
12 | * details. Many organizations have provided support for Squid's | |
13 | * development; see the SPONSORS file for full details. Squid is | |
14 | * Copyrighted (C) 2001 by the Regents of the University of | |
15 | * California; see the COPYRIGHT file for full details. Squid | |
16 | * incorporates software developed and/or copyrighted by other | |
17 | * sources; see the CREDITS file for full details. | |
d8f20e85 | 18 | * |
19 | * This program is free software; you can redistribute it and/or modify | |
20 | * it under the terms of the GNU General Public License as published by | |
21 | * the Free Software Foundation; either version 2 of the License, or | |
22 | * (at your option) any later version. | |
23 | * | |
24 | * This program is distributed in the hope that it will be useful, | |
25 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
26 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
27 | * GNU General Public License for more details. | |
28 | * | |
29 | * You should have received a copy of the GNU General Public License | |
30 | * along with this program; if not, write to the Free Software | |
31 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
32 | * | |
33 | */ | |
34 | ||
35 | #include "config.h" | |
36 | ||
37 | #if HAVE_STDIO_H | |
38 | #include <stdio.h> | |
39 | #endif | |
40 | #if HAVE_STRING_H | |
41 | #include <string.h> | |
42 | #endif | |
43 | ||
44 | #include "util.h" | |
45 | #include "snprintf.h" | |
46 | ||
47 | /* | |
48 | * HTML defines these characters as special entities that should be quoted. | |
49 | */ | |
50 | static struct { | |
51 | unsigned char code; | |
52 | char *quote; | |
53 | } htmlstandardentities[] = | |
54 | ||
55 | { | |
56 | /* NOTE: The quoted form MUST not be larger than 6 character. | |
57 | * see close to the MemPool commend below | |
58 | */ | |
59 | { | |
60 | '<', "<" | |
61 | }, | |
62 | { | |
63 | '>', ">" | |
64 | }, | |
65 | { | |
66 | '"', """ | |
67 | }, | |
68 | { | |
69 | '&', "&" | |
70 | }, | |
71 | { | |
72 | '\'', "'" | |
73 | }, | |
74 | { | |
75 | 0, NULL | |
76 | } | |
77 | }; | |
78 | ||
79 | /* | |
80 | * html_do_quote - Returns a static buffer containing the quoted | |
81 | * string. | |
82 | */ | |
83 | char * | |
84 | html_quote(const char *string) | |
85 | { | |
86 | static char *buf; | |
87 | static size_t bufsize = 0; | |
88 | const char *src; | |
89 | char *dst; | |
90 | int i; | |
91 | ||
92 | /* XXX This really should be implemented using a MemPool, but | |
93 | * MemPools are not yet available in lib... | |
94 | */ | |
95 | if (buf == NULL || strlen(string) * 6 > bufsize) { | |
96 | xfree(buf); | |
97 | bufsize = strlen(string) * 6 + 1; | |
98 | buf = xcalloc(bufsize, 1); | |
99 | } | |
100 | for (src = string, dst = buf; *src; src++) { | |
101 | char *escape = NULL; | |
102 | const unsigned char ch = *src; | |
103 | ||
104 | /* Walk thru the list of HTML Entities that must be quoted to | |
105 | * display safely | |
106 | */ | |
107 | for (i = 0; htmlstandardentities[i].code; i++) { | |
108 | if (ch == htmlstandardentities[i].code) { | |
109 | escape = htmlstandardentities[i].quote; | |
110 | break; | |
111 | } | |
112 | } | |
113 | /* Encode control chars just to be on the safe side, and make | |
114 | * sure all 8-bit characters are encoded to protect from buggy | |
115 | * clients | |
116 | */ | |
117 | if (!escape && (ch <= 0x1F || ch >= 0x7f) && ch != '\n' && ch != '\r' && ch != '\t') { | |
118 | static char dec_encoded[7]; | |
119 | snprintf(dec_encoded, sizeof dec_encoded, "&#%3d;", (int) ch); | |
120 | escape = dec_encoded; | |
121 | } | |
122 | if (escape) { | |
123 | /* Ok, An escaped form was found above. Use it */ | |
124 | strncpy(dst, escape, 6); | |
125 | dst += strlen(escape); | |
126 | } else { | |
127 | /* Apparently there is no need to escape this character */ | |
128 | *dst++ = ch; | |
129 | } | |
130 | } | |
131 | /* Nullterminate and return the result */ | |
132 | *dst = '\0'; | |
133 | return (buf); | |
134 | } |