diff options
| author | Raphaël Hertzog <hertzog@debian.org> | 2015-08-25 21:55:55 +0200 |
|---|---|---|
| committer | Raphaël Hertzog <hertzog@debian.org> | 2015-08-25 21:55:55 +0200 |
| commit | 21ee18bdbc9a9d4500e12a1399d51c593b8b31d4 (patch) | |
| tree | 35c498d3ec731bcf7b90ce66bce68ecd54659250 /HTMLtree.c | |
| parent | de338c1adfa336ddb5177ceb5c63bcd868a0ebc7 (diff) | |
| parent | 7300193becde71a344c8ac0973dc290fa24d800d (diff) | |
| download | libxml2-21ee18bdbc9a9d4500e12a1399d51c593b8b31d4.tar.gz | |
Merge tag 'upstream/2.9.1+dfsg1'
Upstream version 2.9.1+dfsg1
Diffstat (limited to 'HTMLtree.c')
| -rw-r--r-- | HTMLtree.c | 49 |
1 files changed, 11 insertions, 38 deletions
@@ -716,49 +716,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur, (!xmlStrcasecmp(cur->name, BAD_CAST "src")) || ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) && (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) { + xmlChar *escaped; xmlChar *tmp = value; - /* xmlURIEscapeStr() escapes '"' so it can be safely used. */ - xmlBufCCat(buf->buffer, "\""); while (IS_BLANK_CH(*tmp)) tmp++; - /* URI Escape everything, except server side includes. */ - for ( ; ; ) { - xmlChar *escaped; - xmlChar endChar; - xmlChar *end = NULL; - xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--"); - if (start != NULL) { - end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->"); - if (end != NULL) { - *start = '\0'; - } - } - - /* Escape the whole string, or until start (set to '\0'). */ - escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+"); - if (escaped != NULL) { - xmlBufCat(buf->buffer, escaped); - xmlFree(escaped); - } else { - xmlBufCat(buf->buffer, tmp); - } - - if (end == NULL) { /* Everything has been written. */ - break; - } - - /* Do not escape anything within server side includes. */ - *start = '<'; /* Restore the first character of "<!--". */ - end += 3; /* strlen("-->") */ - endChar = *end; - *end = '\0'; - xmlBufCat(buf->buffer, start); - *end = endChar; - tmp = end; + /* + * the < and > have already been escaped at the entity level + * And doing so here breaks server side includes + */ + escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>"); + if (escaped != NULL) { + xmlBufWriteQuotedString(buf->buffer, escaped); + xmlFree(escaped); + } else { + xmlBufWriteQuotedString(buf->buffer, value); } - - xmlBufCCat(buf->buffer, "\""); } else { xmlBufWriteQuotedString(buf->buffer, value); } |