more escapes for use in html-sh and HTTP headers

author Paul Hänsch <paul@plutz.net>

Tue, 9 Jun 2020 18:11:26 +0000 (20:11 +0200)

committer Paul Hänsch <paul@plutz.net>

Tue, 9 Jun 2020 18:11:26 +0000 (20:11 +0200)
author Paul Hänsch <paul@plutz.net>
Tue, 9 Jun 2020 18:11:26 +0000 (20:11 +0200)
committer Paul Hänsch <paul@plutz.net>
Tue, 9 Jun 2020 18:11:26 +0000 (20:11 +0200)
diff --git a/cgilite.sh b/cgilite.sh

index b7067a70ae2fd95bb84e70cc89d43f2441d56173..f03f74732165e4d672418d3718ecc228db4ac53d 100755 (executable)
--- a/cgilite.sh
+++ b/cgilite.sh
@@ -187,6 +187,8 @@ COOKIE(){
  }
  
  HTML(){
+  # Escape HTML cahracters
+  # Also escape [, ], and \n for use in html-sh
    local str out
    [ $# -eq 0 ] && str="$(cat)" || str="$*"
    while [ "$str" ]; do
@@ -196,6 +198,9 @@ HTML(){
        \>*) out="${out}&gt;";;
        \"*) out="${out}&quot;";;
        \'*) out="${out}&#x27;";;
+      \[*) out="${out}&#x5B;";;
+      \]*) out="${out}&#x5D;";;
+      "${BR}"*) out="${out}&#x0A;";;
        *) out="${out}${str%"${str#?}"}";;
      esac
      str="${str#?}"
@@ -204,6 +209,7 @@ HTML(){
  }
  
  URL(){
+  # Escape pathes, so they can be used in link tags and HTTP Headers
    local str out
    [ $# -eq 0 ] && str="$(cat)" || str="$*"
    while [ "$str" ]; do
@@ -213,6 +219,10 @@ URL(){
        \'*) out="${out}%27";;
        \?*) out="${out}%3F";;
        \#*) out="${out}%23";;
+      \[*) out="${out}%5B";;
+      \]*) out="${out}%5D";;
+      \ *) out="${out}%20";;
+      "${BR}"*) out="${out}%0A";;
        %*) out="${out}%25";;
        *) out="${out}${str%"${str#?}"}";;
      esac
author	Paul Hänsch <paul@plutz.net>
	Tue, 9 Jun 2020 18:11:26 +0000 (20:11 +0200)
committer	Paul Hänsch <paul@plutz.net>
	Tue, 9 Jun 2020 18:11:26 +0000 (20:11 +0200)