From ed203139f6b12b53609275e742d92508796692d4 Mon Sep 17 00:00:00 2001 From: Igor Sysoev Date: Thu, 27 Sep 2007 09:36:50 +0000 Subject: [PATCH] ngx_escape_html() --- src/core/ngx_string.c | 61 +++++++++++++++++++++++++++++++++++++++++++ src/core/ngx_string.h | 2 ++ 2 files changed, 63 insertions(+) diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c index 68b2d61f0..6b40d0f91 100644 --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -1299,6 +1299,67 @@ done: } +uintptr_t +ngx_escape_html(u_char *dst, u_char *src, size_t size) +{ + u_char ch; + ngx_uint_t i, len; + + if (dst == NULL) { + + len = 0; + + for (i = 0; i < size; i++) { + switch (*src++) { + + case '<': + len += sizeof("<") - 2; + break; + + case '>': + len += sizeof(">") - 2; + break; + + case '&': + len += sizeof("&") - 2; + break; + + default: + break; + } + } + + return (uintptr_t) len; + } + + for (i = 0; i < size; i++) { + ch = *src++; + + switch (ch) { + + case '<': + *dst++ = '&'; *dst++ = 'l'; *dst++ = 't'; *dst++ = ';'; + break; + + case '>': + *dst++ = '&'; *dst++ = 'g'; *dst++ = 't'; *dst++ = ';'; + break; + + case '&': + *dst++ = '&'; *dst++ = 'a'; *dst++ = 'm'; *dst++ = 'p'; + *dst++ = ';'; + break; + + default: + *dst++ = ch; + break; + } + } + + return (uintptr_t) dst; +} + + /* ngx_sort() is implemented as insertion sort because we need stable sort */ void diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h index a1da15f6b..e17fc13fb 100644 --- a/src/core/ngx_string.h +++ b/src/core/ngx_string.h @@ -165,6 +165,8 @@ u_char *ngx_utf_cpystrn(u_char *dst, u_char *src, size_t n); uintptr_t ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type); void ngx_unescape_uri(u_char **dst, u_char **src, size_t size, ngx_uint_t type); +uintptr_t ngx_escape_html(u_char *dst, u_char *src, size_t size); + void ngx_sort(void *base, size_t n, size_t size,