示例#1
/*
 * Append an HTML-escaped copy of src[0..size) to ob.
 *
 * Bytes whose HTML_ESCAPE_TABLE entry is 0 are copied through in runs.
 * Any other byte is replaced by HTML_ESCAPES[entry], with two exceptions:
 *   - '/' is emitted literally unless `secure` is non-zero;
 *   - bytes in table class 7 (control characters, per the original
 *     comment) are dropped from the output entirely.
 */
void
houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure)
{
	size_t pos = 0, run_start, esc = 0;

	bufgrow(ob, ESCAPE_GROW_FACTOR(size));

	while (pos < size) {
		/* Scan forward over bytes that need no escaping. */
		run_start = pos;
		for (; pos < size; pos++) {
			esc = HTML_ESCAPE_TABLE[src[pos]];
			if (esc != 0)
				break;
		}

		/* Flush the literal run in one call. */
		if (pos != run_start)
			bufput(ob, src + run_start, pos - run_start);

		if (pos >= size)
			break;

		/* Here esc holds the table class of src[pos] and is non-zero. */
		if (!secure && src[pos] == '/')
			bufputc(ob, '/');
		else if (esc != 7)
			bufputs(ob, HTML_ESCAPES[esc]);
		/* else: class 7, the byte is skipped and nothing is written */

		pos++;
	}
}
示例#2
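/*
 * Append an HTML-escaped copy of src[0..size) to ob.
 *
 * ASCII bytes are looked up in HTML_ESCAPE_TABLE; an entry of 0 means the
 * byte is copied as-is, any other entry selects the replacement string in
 * HTML_ESCAPES.
 *
 * Bytes with the high bit set are copied through unchanged. The previous
 * loop stopped on such a byte and then emitted HTML_ESCAPES[] for its low
 * seven bits in place of the byte, so multi-byte (e.g. UTF-8) text was
 * dropped or replaced by unrelated entities.
 * NOTE(review): pass-through assumes the caller validates the encoding
 * elsewhere; confirm that is the intended contract.
 */
void
houdini_escape_html(struct buf *ob, const char *src, size_t size)
{
	size_t  i = 0, org, esc = 0;

	bufgrow(ob, ESCAPE_GROW_FACTOR(size));

	while (i < size) {
		org = i;
		while (i < size) {
			/* char may be signed: go through unsigned char before masking */
			unsigned char c = (unsigned char)src[i];

			if ((c & 0x80) == 0) {
				/* only 7-bit values are used as a table index */
				esc = HTML_ESCAPE_TABLE[c];
				if (esc != 0)
					break;
			}
			i++;
		}

		/* flush the run of bytes that needed no escaping */
		if (i > org)
			bufput(ob, src + org, i - org);

		/* escaping */
		if (i >= size)
			break;

		/* src[i] is ASCII here and esc is its non-zero table entry */
		bufputs(ob, HTML_ESCAPES[esc]);
		i++;
	}
}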
示例#3
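/*
 * Append an HTML-escaped copy of src[0..size) to ob.
 *
 * Bytes whose HTML_ESCAPE_TABLE entry is 0 are copied through in runs; any
 * other byte is replaced by HTML_ESCAPES[entry], except:
 *   - '/' is emitted literally unless `secure` is non-zero;
 *   - '<' directly followed by '!' and '>' directly preceded by '-' are
 *     emitted literally (the original comment: tags aren't escaped in
 *     comments).
 *
 * The neighbour lookups are bounds-checked: the previous code read
 * src[i + 1] when '<' was the last byte and src[i - 1] when '>' was the
 * first byte, both outside the buffer.
 *
 * NOTE(review): the comment pass-through applies even when `secure` is set,
 * so the output can still contain a raw "<!" or "->". Do not rely on this
 * variant to neutralise untrusted input; confirm callers only feed it
 * trusted markup.
 */
void
houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure)
{
	size_t i = 0, org, esc = 0;

	bufgrow(ob, ESCAPE_GROW_FACTOR(size));

	while (i < size) {
		org = i;
		while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
			i++;

		/* flush the run of bytes that needed no escaping */
		if (i > org)
			bufput(ob, src + org, i - org);

		/* escaping */
		if (i >= size)
			break;

		/* The forward slash is only escaped in secure mode */
		if (src[i] == '/' && !secure) {
			bufputc(ob, '/');
		} else {
			/* Look at a neighbour only when it lies inside src[0..size). */
			int opens_comment = src[i] == '<' &&
				i + 1 < size && src[i + 1] == '!';
			int closes_comment = src[i] == '>' &&
				i > 0 && src[i - 1] == '-';

			/* The left and right tags (< and >) aren't escaped in comments */
			if (opens_comment || closes_comment)
				bufputc(ob, src[i]);
			else
				bufputs(ob, HTML_ESCAPES[esc]);
		}

		i++;
	}
}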
示例#4
void
houdini_escape_js(struct buf *ob, const uint8_t *src, size_t size)
{
	size_t  i = 0, org, ch;

	bufgrow(ob, ESCAPE_GROW_FACTOR(size));

	while (i < size) {
		org = i;
		while (i < size && JS_ESCAPE[src[i]] == 0)
			i++;

		if (i > org)
			bufput(ob, src + org, i - org);

		/* escaping */
		if (i >= size)
			break;

		ch = src[i];
		
		switch (ch) {
		case '/':
			/*
			 * Escape only if preceded by a lt
			 */
			if (i && src[i - 1] == '<')
				bufputc(ob, '\\');

			bufputc(ob, ch);
			break;

		case '\r':
			/*
			 * Escape as \n, and skip the next \n if it's there
			 */
			if (i + 1 < size && src[i + 1] == '\n') i++;

		case '\n':
			/*
			 * Escape actually as '\','n', not as '\', '\n'
			 */
			ch = 'n';

		default:
			/*
			 * Normal escaping
			 */
			bufputc(ob, '\\');
			bufputc(ob, ch);
			break;
		}

		i++;
	}
}
示例#5
void
houdini_escape_href(struct sd_buf *ob, const uint8_t *src, size_t size)
{
    static const char hex_chars[] = "0123456789ABCDEF";
    size_t  i = 0, org;
    char hex_str[3];

    sd_bufgrow(ob, ESCAPE_GROW_FACTOR(size));
    hex_str[0] = '%';

    while (i < size) {
        org = i;
        while (i < size && HREF_SAFE[src[i]] != 0)
            i++;

        if (i > org)
            sd_bufput(ob, src + org, i - org);

        /* escaping */
        if (i >= size)
            break;

        switch (src[i]) {
        /* amp appears all the time in URLs, but needs
         * HTML-entity escaping to be inside an href */
        case '&':
            SD_BUFPUTSL(ob, "&amp;");
            break;

        /* the single quote is a valid URL character
         * according to the standard; it needs HTML
         * entity escaping too */
        case '\'':
            SD_BUFPUTSL(ob, "&#x27;");
            break;

        /* the space can be escaped to %20 or a plus
         * sign. we're going with the generic escape
         * for now. the plus thing is more commonly seen
         * when building GET strings */
#if 0
        case ' ':
            sd_bufputc(ob, '+');
            break;
#endif

        /* every other character goes with a %XX escaping */
        default:
            hex_str[1] = hex_chars[(src[i] >> 4) & 0xF];
            hex_str[2] = hex_chars[src[i] & 0xF];
            sd_bufput(ob, hex_str, 3);
        }

        i++;
    }
}
示例#6
文件: escape.c 项目: doo/hoedown
/*
 * Append an HTML-escaped copy of src[0..size) to ob.
 *
 * Bytes whose HTML_ESCAPE_TABLE entry is 0 are copied through in runs; any
 * other byte is replaced by HTML_ESCAPES[entry], except that '/' is emitted
 * literally unless `secure` is non-zero.
 *
 * If the whole input needs no escaping it is copied in a single call and
 * the buffer is not pre-grown. Otherwise the buffer is grown once, right
 * after a leading literal run that starts at offset 0 has been found.
 */
void
hoedown_escape_html(struct hoedown_buffer *ob, const uint8_t *src, size_t size, int secure)
{
	size_t pos = 0, run_start, esc = 0;

	while (pos < size) {
		/* Advance to the next byte that has a non-zero escape class. */
		run_start = pos;
		for (; pos < size; pos++) {
			esc = HTML_ESCAPE_TABLE[src[pos]];
			if (esc != 0)
				break;
		}

		if (pos > run_start) {
			if (run_start == 0) {
				/* Fast path: nothing in the input needs escaping. */
				if (pos >= size) {
					hoedown_buffer_put(ob, src, size);
					return;
				}

				/* Escaping will happen: reserve room up front. */
				hoedown_buffer_grow(ob, ESCAPE_GROW_FACTOR(size));
			}

			hoedown_buffer_put(ob, src + run_start, pos - run_start);
		}

		if (pos >= size)
			break;

		/* A forward slash is left alone outside secure mode. */
		if (!secure && src[pos] == '/')
			hoedown_buffer_putc(ob, '/');
		else
			hoedown_buffer_puts(ob, HTML_ESCAPES[esc]);

		pos++;
	}
}