more escapes for use in html-sh and HTTP headers

[cgilite] / cgilite.sh

diff --git a/cgilite.sh b/cgilite.sh
index b7067a70ae2fd95bb84e70cc89d43f2441d56173..f03f74732165e4d672418d3718ecc228db4ac53d 100755 (executable)
--- a/cgilite.sh
+++ b/cgilite.sh
@@ -187,6 +187,8 @@ COOKIE(){
 }
 
 HTML(){
+  # Escape HTML cahracters
+  # Also escape [, ], and \n for use in html-sh
   local str out
   [ $# -eq 0 ] && str="$(cat)" || str="$*"
   while [ "$str" ]; do
@@ -196,6 +198,9 @@ HTML(){
       \>*) out="${out}>";;
       \"*) out="${out}"";;
       \'*) out="${out}'";;
+      \[*) out="${out}[";;
+      \]*) out="${out}]";;
+      "${BR}"*) out="${out}
";;
       *) out="${out}${str%"${str#?}"}";;
     esac
     str="${str#?}"
@@ -204,6 +209,7 @@ HTML(){
 }
 
 URL(){
+  # Escape pathes, so they can be used in link tags and HTTP Headers
   local str out
   [ $# -eq 0 ] && str="$(cat)" || str="$*"
   while [ "$str" ]; do
@@ -213,6 +219,10 @@ URL(){
       \'*) out="${out}%27";;
       \?*) out="${out}%3F";;
       \#*) out="${out}%23";;
+      \[*) out="${out}%5B";;
+      \]*) out="${out}%5D";;
+      \ *) out="${out}%20";;
+      "${BR}"*) out="${out}%0A";;
       %*) out="${out}%25";;
       *) out="${out}${str%"${str#?}"}";;
     esac