diff options
| author | Underground78 <underground78@users.sourceforge.net> | 2012-11-18 02:35:50 +0400 |
|---|---|---|
| committer | Underground78 <underground78@users.sourceforge.net> | 2012-11-18 02:35:50 +0400 |
| commit | 716331e73d8d1de37328e880bf7206ada259f0fc (patch) | |
| tree | a1840a44ccfb019f9b149ce55c1d60178aabc570 /src/DSUtil/text.cpp | |
| parent | b75f6c5b84a32adfec33717a98c7b4f33c5fe1bf (diff) | |
Web server: Escape the user inputs to avoid XSS exploits.
This commit partially fixes ticket #2729.
Diffstat (limited to 'src/DSUtil/text.cpp')
| -rw-r--r-- | src/DSUtil/text.cpp | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/DSUtil/text.cpp b/src/DSUtil/text.cpp index c5a2f829c..f4226ac1a 100644 --- a/src/DSUtil/text.cpp +++ b/src/DSUtil/text.cpp @@ -169,6 +169,19 @@ CString ExtractTag(CString tag, CMapStringToString& attribs, bool& fClosing) return type;
}
+CStringA HtmlSpecialChars(CStringA str, bool bQuotes /*= false*/)
+{
+ str.Replace("&", "&");
+ str.Replace("\"", """);
+ if (bQuotes) {
+ str.Replace("\'", "'");
+ }
+ str.Replace("<", "<");
+ str.Replace(">", ">");
+
+ return str;
+}
+
CAtlList<CString>& MakeLower(CAtlList<CString>& sl)
{
POSITION pos = sl.GetHeadPosition();
|