Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nginx/nginx.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/src/core/ngx_string.c
diff options
context:
space:
mode:
authorMaxim Dounin <mdounin@mdounin.ru>2011-11-25 20:36:02 +0400
committerMaxim Dounin <mdounin@mdounin.ru>2011-11-25 20:36:02 +0400
commit1b9b19d7e2a2fcd3d2b773b64f198cec354f384c (patch)
treea5c557ca5c935a4afd31fa46430976d9334b51d6 /src/core/ngx_string.c
parent13717da19e52fb0b43b25ebfdb9bab1bc0a71ce4 (diff)
Added escaping of double quotes in ngx_escape_html().
Patch by Zaur Abasmirzoev.
Diffstat (limited to 'src/core/ngx_string.c')
-rw-r--r--src/core/ngx_string.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index 29f8e0d67..f5e1d4bf3 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1657,6 +1657,10 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
len += sizeof("&amp;") - 2;
break;
+ case '"':
+ len += sizeof("&quot;") - 2;
+ break;
+
default:
break;
}
@@ -1684,6 +1688,11 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
*dst++ = ';';
break;
+ case '"':
+ *dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o';
+ *dst++ = 't'; *dst++ = ';';
+ break;
+
default:
*dst++ = ch;
break;
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-25 16:31:56 +0300