Bugfix (security): fail session id check on undetermined condition
[cgilite] / html-sh.sed
index 514caafccaf81863f5254602f1a495363638e4f0..976d42e814d4f4d836f3bb93df97653f10fd4b48 100755 (executable)
@@ -1,4 +1,12 @@
-#!/bin/sed -nrf
+#!/bin/sed -nEf
+
+:Escapes
+s,\\\\,\\,g; s,\\&,\&,g;
+s,\\<,\&lt;,g; s,\\>,\&gt;,g;
+s,\\",\&quot;,g; s,\\',\&apos;,g;
+s,\\\[,\&#91;,g; s,\\\],\&#93;,g;
+s,\\\.,\&#46;,g; s,\\#,\&#35;,g;
+s,\\,,g;
 
 :CommentHandle
 x; /^<\/!-->/{
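Review bot: In the new `:Escapes` block the first rule rewrites `\\` to a single `\`, which the following rules then read as an escape prefix and the closing `s,\\,,g` deletes, so an escaped backslash never reaches the output and `\\<` comes out as `&lt;`. Emitting an entity keeps it out of the later patterns: `s,\\\\,\&#92;,g;`. Separately, `s,\\&,\&,g` produces a bare `&`; if `\&` is meant to yield a literal ampersand, `s,\\&,\&amp;,g;` would be consistent with the other rules. The block also has no comment, and one such as `# backslash escapes cover only characters escaped by the template author; this is not output encoding for untrusted data` would stop readers from relying on it as sanitization. The rest of the script lies outside this hunk, so how the entities interact with later rules is not visible here.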
@@ -52,7 +60,8 @@ s;(<select( [^>]+)?)>[ \t]*multiple;\1 multiple="multiple">;g;
 t attribs;
 
 s;(<[^/][^>]*>)[ \t]*;\1;g;
-s;(<[^/][^>]*)>[ \t]*</[^>]+>;\1/>;g;
+# s;(<[^/][^>]*)>[ \t]*</[^>]+>;\1/>;g;
+s;(<(br|hr|img|input|link|meta|area|base|col|command|embed|keygen|param|source|track|wbr)[^>]*)>[ \t]*</\1>;\1>;g;
 
 s;<!-->;<!--;;