Merge branch 'master' of git://anonscm.debian.org/debian-xml-sgml/libxml2

author: Igor Pashev <pashev.igor@gmail.com> 2015-10-19 15:39:54 +0300
committer: Igor Pashev <pashev.igor@gmail.com> 2015-10-19 15:39:54 +0300
commit: 76d018a8af27653c40229684724c185830b1c482 (patch)
tree: 4765d32bae0948b8e929564d6eba54de1675b7a3 /HTMLtree.c
parent: 5beef1c7a526e014a37ca8a422911e574d3e6951 (diff)
parent: 76c19f4d5b3328c05649314336d27c1f44a49e96 (diff)
download: libxml2-76d018a8af27653c40229684724c185830b1c482.tar.gz
1 files changed, 38 insertions, 11 deletions
diff --git a/HTMLtree.c b/HTMLtree.c
index 4d8e354..5c57fc5 100644
--- a/HTMLtree.c
+++ b/HTMLtree.c
@@ -716,22 +716,49 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur,
 		 (!xmlStrcasecmp(cur->name, BAD_CAST "src")) ||
 		 ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) &&
 		  (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) {
-		xmlChar *escaped;
 		xmlChar *tmp = value;
+		/* xmlURIEscapeStr() escapes '"' so it can be safely used. */
+		xmlBufCCat(buf->buffer, "\"");
 
 		while (IS_BLANK_CH(*tmp)) tmp++;
 
-		/*
-		 * the < and > have already been escaped at the entity level
-		 * And doing so here breaks server side includes
-		 */
-		escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
-		if (escaped != NULL) {
-		    xmlBufWriteQuotedString(buf->buffer, escaped);
-		    xmlFree(escaped);
-		} else {
-		    xmlBufWriteQuotedString(buf->buffer, value);
+		/* URI Escape everything, except server side includes. */
+		for ( ; ; ) {
+		    xmlChar *escaped;
+		    xmlChar endChar;
+		    xmlChar *end = NULL;
+		    xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--");
+		    if (start != NULL) {
+			end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->");
+			if (end != NULL) {
+			    *start = '\0';
+			}
+		    }
+
+		    /* Escape the whole string, or until start (set to '\0'). */
+		    escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+");
+		    if (escaped != NULL) {
+		        xmlBufCat(buf->buffer, escaped);
+		        xmlFree(escaped);
+		    } else {
+		        xmlBufCat(buf->buffer, tmp);
+		    }
+
+		    if (end == NULL) { /* Everything has been written. */
+			break;
+		    }
+
+		    /* Do not escape anything within server side includes. */
+		    *start = '<'; /* Restore the first character of "<!--". */
+		    end += 3; /* strlen("-->") */
+		    endChar = *end;
+		    *end = '\0';
+		    xmlBufCat(buf->buffer, start);
+		    *end = endChar;
+		    tmp = end;
 		}
+
+		xmlBufCCat(buf->buffer, "\"");
 	    } else {
 		xmlBufWriteQuotedString(buf->buffer, value);
 	    }
author	Igor Pashev <pashev.igor@gmail.com>	2015-10-19 15:39:54 +0300
committer	Igor Pashev <pashev.igor@gmail.com>	2015-10-19 15:39:54 +0300
commit	76d018a8af27653c40229684724c185830b1c482 (patch)
tree	4765d32bae0948b8e929564d6eba54de1675b7a3 /HTMLtree.c
parent	5beef1c7a526e014a37ca8a422911e574d3e6951 (diff)
parent	76c19f4d5b3328c05649314336d27c1f44a49e96 (diff)
download	libxml2-76d018a8af27653c40229684724c185830b1c482.tar.gz