use URI::Escape qw(uri_escape_utf8);
use PublicInbox::MID qw/mid_clean/;
use base qw/Exporter/;
-our @EXPORT_OK = qw/ascii_html utf8_html/;
+our @EXPORT_OK = qw/ascii_html utf8_html to_attr from_attr/;
# for user-generated content (UGC) which may have excessively long lines
# and screw up rendering on some browsers. This is the only CSS style
index($u, '//') == 0 ? "$env->{'psgi.url_scheme'}:$u" : $u;
}
+# convert a filename (or any string) to HTML attribute
+
+my %ESCAPES = map { chr($_) => sprintf('::%02x', $_) } (0..255);
+$ESCAPES{'/'} = ':'; # common
+
+sub to_attr ($) {
+ my ($str) = @_;
+
+ # git would never do this to us:
+ die "invalid filename: $str" if index($str, '//') >= 0;
+
+ my $first = '';
+ if ($str =~ s/\A([^A-Ya-z])//ms) { # start with a letter
+ $first = sprintf('Z%02x', ord($1));
+ }
+ $str =~ s/([^A-Za-z0-9_\.\-])/$ESCAPES{$1}/egms;
+ $first . $str;
+}
+
+# reverse the result of to_attr
+sub from_attr ($) {
+ my ($str) = @_;
+ my $first = '';
+ if ($str =~ s/\AZ([a-f0-9]{2})//ms) {
+ $first = chr(hex($1));
+ }
+ $str =~ s!::([a-f0-9]{2})!chr(hex($1))!egms;
+ $str =~ tr!:!/!;
+ $first . $str;
+}
+
1;
--- /dev/null
+# Copyright (C) 2015 all contributors <meta@public-inbox.org>
+# License: AGPL-3.0+ (https://www.gnu.org/licenses/agpl-3.0.txt)
+use strict;
+use warnings;
+use Test::More;
+use PublicInbox::Hval qw(to_attr from_attr);
+
+foreach my $s ('Hello/World.pm', 'Zcat', 'hello world.c', 'Eléanor', '$at') {
+ my $attr = to_attr($s);
+ is(from_attr($attr), $s, "$s => $attr => $s round trips");
+}
+
+{
+ my $bad = eval { to_attr('foo//bar') };
+ my $err = $@;
+ ok(!$bad, 'double-slash rejected');
+ like($err, qr/invalid filename:/, 'got exception message');
+}
+
+done_testing();
projects / thirdparty / public-inbox.git / commitdiff
