void houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure) { size_t i = 0, org, esc = 0; bufgrow(ob, ESCAPE_GROW_FACTOR(size)); while (i < size) { org = i; while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0) i++; if (i > org) bufput(ob, src + org, i - org); /* escaping */ if (i >= size) break; /* The forward slash is only escaped in secure mode */ if (src[i] == '/' && !secure) { bufputc(ob, '/'); } else if (HTML_ESCAPE_TABLE[src[i]] == 7) { /* skip control characters */ } else { bufputs(ob, HTML_ESCAPES[esc]); } i++; } }
void houdini_escape_html(struct buf *ob, const char *src, size_t size) { size_t i = 0, org, esc; bufgrow(ob, ESCAPE_GROW_FACTOR(size)); while (i < size) { org = i; while (i < size && (esc = HTML_ESCAPE_TABLE[src[i] & 0x7F]) == 0 && (src[i] & ~0x7F) == 0) i++; if (i > org) bufput(ob, src + org, i - org); /* escaping */ if (i >= size) break; bufputs(ob, HTML_ESCAPES[esc]); i++; } }
void houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure) { size_t i = 0, org, esc = 0; bufgrow(ob, ESCAPE_GROW_FACTOR(size)); while (i < size) { org = i; while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0) i++; if (i > org) bufput(ob, src + org, i - org); /* escaping */ if (i >= size) break; /* The forward slash is only escaped in secure mode */ if (src[i] == '/' && !secure) { bufputc(ob, '/'); } else { /* The left and right tags (< and >) aren't escaped in comments */ if ((src[i] == '<' && src[i + 1] == '!') || (src[i] == '>' && src[i - 1] == '-')) bufputc(ob, src[i]); else bufputs(ob, HTML_ESCAPES[esc]); } i++; } }
void houdini_escape_js(struct buf *ob, const uint8_t *src, size_t size) { size_t i = 0, org, ch; bufgrow(ob, ESCAPE_GROW_FACTOR(size)); while (i < size) { org = i; while (i < size && JS_ESCAPE[src[i]] == 0) i++; if (i > org) bufput(ob, src + org, i - org); /* escaping */ if (i >= size) break; ch = src[i]; switch (ch) { case '/': /* * Escape only if preceded by a lt */ if (i && src[i - 1] == '<') bufputc(ob, '\\'); bufputc(ob, ch); break; case '\r': /* * Escape as \n, and skip the next \n if it's there */ if (i + 1 < size && src[i + 1] == '\n') i++; case '\n': /* * Escape actually as '\','n', not as '\', '\n' */ ch = 'n'; default: /* * Normal escaping */ bufputc(ob, '\\'); bufputc(ob, ch); break; } i++; } }
void houdini_escape_href(struct sd_buf *ob, const uint8_t *src, size_t size) { static const char hex_chars[] = "0123456789ABCDEF"; size_t i = 0, org; char hex_str[3]; sd_bufgrow(ob, ESCAPE_GROW_FACTOR(size)); hex_str[0] = '%'; while (i < size) { org = i; while (i < size && HREF_SAFE[src[i]] != 0) i++; if (i > org) sd_bufput(ob, src + org, i - org); /* escaping */ if (i >= size) break; switch (src[i]) { /* amp appears all the time in URLs, but needs * HTML-entity escaping to be inside an href */ case '&': SD_BUFPUTSL(ob, "&"); break; /* the single quote is a valid URL character * according to the standard; it needs HTML * entity escaping too */ case '\'': SD_BUFPUTSL(ob, "'"); break; /* the space can be escaped to %20 or a plus * sign. we're going with the generic escape * for now. the plus thing is more commonly seen * when building GET strings */ #if 0 case ' ': sd_bufputc(ob, '+'); break; #endif /* every other character goes with a %XX escaping */ default: hex_str[1] = hex_chars[(src[i] >> 4) & 0xF]; hex_str[2] = hex_chars[src[i] & 0xF]; sd_bufput(ob, hex_str, 3); } i++; } }
void hoedown_escape_html(struct hoedown_buffer *ob, const uint8_t *src, size_t size, int secure) { size_t i = 0, org, esc = 0; while (i < size) { org = i; while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0) i++; if (i > org) { if (org == 0) { if (i >= size) { hoedown_buffer_put(ob, src, size); return; } hoedown_buffer_grow(ob, ESCAPE_GROW_FACTOR(size)); } hoedown_buffer_put(ob, src + org, i - org); } /* escaping */ if (i >= size) break; /* The forward slash is only escaped in secure mode */ if (src[i] == '/' && !secure) { hoedown_buffer_putc(ob, '/'); } else { hoedown_buffer_puts(ob, HTML_ESCAPES[esc]); } i++; } }