diff options
author | Aron Xu <aron@debian.org> | 2015-09-21 22:55:55 +0800 |
---|---|---|
committer | Aron Xu <aron@debian.org> | 2015-09-21 22:55:55 +0800 |
commit | e85cf827a804d9abf4cbf48af6394c49331de322 (patch) | |
tree | aab761b5168447ea51ad1a64c9e1594e48f84b12 /HTMLtree.c | |
parent | 4b692ee8530176868e4832e30bdc4ba5bc145948 (diff) | |
download | libxml2-e85cf827a804d9abf4cbf48af6394c49331de322.tar.gz |
Revert "Merge tag 'upstream/2.9.1+dfsg1'"
This reverts commit 21ee18bdbc9a9d4500e12a1399d51c593b8b31d4, reversing
changes made to de338c1adfa336ddb5177ceb5c63bcd868a0ebc7.
Diffstat (limited to 'HTMLtree.c')
-rw-r--r-- | HTMLtree.c | 49 |
1 files changed, 38 insertions, 11 deletions
@@ -716,22 +716,49 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur, (!xmlStrcasecmp(cur->name, BAD_CAST "src")) || ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) && (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) { - xmlChar *escaped; xmlChar *tmp = value; + /* xmlURIEscapeStr() escapes '"' so it can be safely used. */ + xmlBufCCat(buf->buffer, "\""); while (IS_BLANK_CH(*tmp)) tmp++; - /* - * the < and > have already been escaped at the entity level - * And doing so here breaks server side includes - */ - escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>"); - if (escaped != NULL) { - xmlBufWriteQuotedString(buf->buffer, escaped); - xmlFree(escaped); - } else { - xmlBufWriteQuotedString(buf->buffer, value); + /* URI Escape everything, except server side includes. */ + for ( ; ; ) { + xmlChar *escaped; + xmlChar endChar; + xmlChar *end = NULL; + xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--"); + if (start != NULL) { + end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->"); + if (end != NULL) { + *start = '\0'; + } + } + + /* Escape the whole string, or until start (set to '\0'). */ + escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+"); + if (escaped != NULL) { + xmlBufCat(buf->buffer, escaped); + xmlFree(escaped); + } else { + xmlBufCat(buf->buffer, tmp); + } + + if (end == NULL) { /* Everything has been written. */ + break; + } + + /* Do not escape anything within server side includes. */ + *start = '<'; /* Restore the first character of "<!--". */ + end += 3; /* strlen("-->") */ + endChar = *end; + *end = '\0'; + xmlBufCat(buf->buffer, start); + *end = endChar; + tmp = end; } + + xmlBufCCat(buf->buffer, "\""); } else { xmlBufWriteQuotedString(buf->buffer, value); } |