From 36dd1fa267575d717e7cf5c75af698c34f55b8b8 Mon Sep 17 00:00:00 2001
From: Kalle Olavi Niemitalo <kon@iki.fi>
Date: Sun, 18 Mar 2007 11:10:33 +0200
Subject: [PATCH] add_html_to_string: Encode only known unsafe or non-ASCII
 characters.

In particular, do not encode '%' and '/', which are common in URIs.
---
 src/util/conv.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/src/util/conv.c b/src/util/conv.c
index 5a43dbc65..c7ddd66c2 100644
--- a/src/util/conv.c
+++ b/src/util/conv.c
@@ -274,22 +274,18 @@ add_string_replace(struct string *string, unsigned char *src, int len,
 struct string *
 add_html_to_string(struct string *string, const unsigned char *src, int len)
 {
-
-#define isalphanum(q) (isalnum(q) || (q) == '-' || (q) == '_')
-
 	for (; len; len--, src++) {
-		if (isalphanum(*src) || *src == ' '
-		    || *src == '.' || *src == ':' || *src == ';') {
-			add_bytes_to_string(string, src, 1);
-		} else {
+		if (*src < 0x20 || *src >= 0x7F
+		    || *src == '<' || *src == '>' || *src == '&'
+		    || *src == '\"' || *src == '\'') {
 			add_bytes_to_string(string, "&#", 2);
 			add_long_to_string(string, (long) *src);
 			add_char_to_string(string, ';');
+		} else {
+			add_char_to_string(string, *src);
 		}
 	}
 
-#undef isalphanum
-
 	return string;
 }