From aa79ecfe724dcf872f5363b27a52d7581df03ed1 Mon Sep 17 00:00:00 2001 From: Kalle Olavi Niemitalo Date: Mon, 19 Mar 2007 08:32:43 +0200 Subject: [PATCH] add_html_to_string: Do not encode bytes 0x80...0xFF. Reported by Witold Filipczyk. --- src/util/conv.c | 2 +- src/util/conv.h | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/util/conv.c b/src/util/conv.c index 5beb001f..095dba40 100644 --- a/src/util/conv.c +++ b/src/util/conv.c @@ -275,7 +275,7 @@ struct string * add_html_to_string(struct string *string, const unsigned char *src, int len) { for (; len; len--, src++) { - if (*src < 0x20 || *src >= 0x7F + if (*src < 0x20 || *src == '<' || *src == '>' || *src == '&' || *src == '\"' || *src == '\'') { int rollback_length = string->length; diff --git a/src/util/conv.h b/src/util/conv.h index 86d220cc..d247ac69 100644 --- a/src/util/conv.h +++ b/src/util/conv.h @@ -76,7 +76,12 @@ add_string_replace(struct string *string, unsigned char *src, int len, #define add_real_optname_to_string(str, src, len) \ add_string_replace(str, src, len, '*', '.') -/* Convert reserved chars to html &#xx */ +/* Convert reserved chars to html &#xx;. This function copies bytes + * 0x80...0xFF unchanged, so the caller should ensure that the + * resulting HTML will be parsed with the same charset as the original + * string. (This function cannot use the   syntax for non-ASCII, + * because HTML wants Unicode numbers there and this function does not + * know the charset of the input data.) */ struct string *add_html_to_string(struct string *string, const unsigned char *html, int htmllen); /* Escapes \ and " with a \ */