prevent double escaping of & in htmlsafe
diff --git a/cgi.sh b/cgi.sh
index 408201ff70b04ae869e9120cb90db19cfa8205db..bba28548768d4f9ddef3e25c941bd13fe8529834 100755 (executable)
--- a/cgi.sh
+++ b/cgi.sh
@@ -84,9 +84,9 @@ urlsafe(){
 
 htmlsafe(){
   printf %s "$*" \
-  | sed 's;<;\&lt\;;g;
+  | sed 's;&;\&amp\;;g;
+         s;<;\&lt\;;g;
          s;>;\&gt\;;g;
-         s;&;\&amp\;;g;
          s;";\&quot\;;g;
          s;'\'';\&apos\;;g;'
 }
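Review bot: The rule order in htmlsafe's sed script is now load-bearing, but nothing in the function says so, and a later re-sort or an entity added above the `&` rule would bring the double escaping back without any visible error. A comment above the `printf` line would pin it, for example `# '&' must be replaced first, otherwise the '&' of the entities produced by the later rules is escaped again`. Separately, the unchanged last rule emits `&apos;`, which HTML 4 does not define; if output may reach parsers older than HTML5, the numeric form `\&#39\;` is the safer replacement text for attribute contexts.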