Author: Don Hopkins <dhopkins@DonHopkins.com>

Bug 1087: ESI processor not quoting attributes correctly.

Use HTML 4.01 specified double-quotes instead of HTML 1.0 single quotes
and HTML-encode any double-quotes contained within the attribute data.

diff --git a/src/esi/Esi.cc b/src/esi/Esi.cc
index af01c6119740f4c44639efda97cfe09ef1422b07..ebf2df411efddaed1ecdc4bced752c6440d93b02 100644 (file)
--- a/src/esi/Esi.cc
+++ b/src/esi/Esi.cc
@@ -1028,10 +1028,19 @@ ESIContext::start(const char *el, const char **attr, size_t attrCount)
             assert (xstrncpy (pos, attr[i], sizeof(localbuf) + (pos - localbuf)));
             pos += strlen (pos);
             *pos++ = '=';
-            *pos++ = '\'';
-            assert (xstrncpy (pos, attr[i + 1], sizeof(localbuf) + (pos - localbuf)));
+            *pos++ = '\"';
+            const char *chPtr = attr[i + 1];
+            char ch;
+            while ((ch = *chPtr++) != '\0') {
+                if (ch == '\"') {
+                    assert( xstrncpy(pos, """, sizeof(localbuf) + (pos-localbuf)) );
+                    pos += 6;
+                } else {
+                    *(pos++) = ch;
+                }
+            }
             pos += strlen (pos);
-            *pos++ = '\'';
+            *pos++ = '\"';
         }
 
         *pos++ = '>';