diff options
author | Robert Griesemer <gri@golang.org> | 2009-11-03 22:52:10 -0800 |
---|---|---|
committer | Robert Griesemer <gri@golang.org> | 2009-11-03 22:52:10 -0800 |
commit | 2893d1c9cd41a84aad73f3970b8f84d64ef2ae2d (patch) | |
tree | 2839ae87355c3c310d95c98771ac9e13e63b566b /src/pkg/template | |
parent | f53b18b93537507281cc4070eb7afd95cfe2dbc6 (diff) | |
download | golang-2893d1c9cd41a84aad73f3970b8f84d64ef2ae2d.tar.gz |
add " and ' to list of html-escaped chars
R=rsc
http://go/go-review/1017025
Diffstat (limited to 'src/pkg/template')
-rw-r--r-- | src/pkg/template/format.go | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/src/pkg/template/format.go b/src/pkg/template/format.go index bbdfcb4bb..bcffc66ac 100644 --- a/src/pkg/template/format.go +++ b/src/pkg/template/format.go @@ -21,28 +21,37 @@ func StringFormatter(w io.Writer, value interface{}, format string) { fmt.Fprint(w, value); } - -var esc_amp = strings.Bytes("&") -var esc_lt = strings.Bytes("<") -var esc_gt = strings.Bytes(">") +var ( + esc_quot = strings.Bytes("""); // shorter than """ + esc_apos = strings.Bytes("'"); // shorter than "'" + esc_amp = strings.Bytes("&"); + esc_lt = strings.Bytes("<"); + esc_gt = strings.Bytes(">"); +) // HtmlEscape writes to w the properly escaped HTML equivalent // of the plain text data s. func HtmlEscape(w io.Writer, s []byte) { + var esc []byte; last := 0; for i, c := range s { - if c == '&' || c == '<' || c == '>' { - w.Write(s[last:i]); - switch c { - case '&': - w.Write(esc_amp); - case '<': - w.Write(esc_lt); - case '>': - w.Write(esc_gt); - } - last = i+1; + switch c { + case '"': + esc = esc_quot; + case '\'': + esc = esc_apos; + case '&': + esc = esc_amp; + case '<': + esc = esc_lt; + case '>': + esc = esc_gt; + default: + continue; } + w.Write(s[last:i]); + w.Write(esc); + last = i+1; } w.Write(s[last:len(s)]); } |