From: Paul Hänsch Date: Tue, 9 Jun 2020 18:11:26 +0000 (+0200) Subject: more escapes for use in html-sh and HTTP headers X-Git-Url: https://git.plutz.net/?a=commitdiff_plain;h=b8cec2270b5917e96f57d72c4d1ad96471cad3d3;p=cgilite more escapes for use in html-sh and HTTP headers --- diff --git a/cgilite.sh b/cgilite.sh index b7067a7..f03f747 100755 --- a/cgilite.sh +++ b/cgilite.sh @@ -187,6 +187,8 @@ COOKIE(){ } HTML(){ + # Escape HTML cahracters + # Also escape [, ], and \n for use in html-sh local str out [ $# -eq 0 ] && str="$(cat)" || str="$*" while [ "$str" ]; do @@ -196,6 +198,9 @@ HTML(){ \>*) out="${out}>";; \"*) out="${out}"";; \'*) out="${out}'";; + \[*) out="${out}[";; + \]*) out="${out}]";; + "${BR}"*) out="${out} ";; *) out="${out}${str%"${str#?}"}";; esac str="${str#?}" @@ -204,6 +209,7 @@ HTML(){ } URL(){ + # Escape pathes, so they can be used in link tags and HTTP Headers local str out [ $# -eq 0 ] && str="$(cat)" || str="$*" while [ "$str" ]; do @@ -213,6 +219,10 @@ URL(){ \'*) out="${out}%27";; \?*) out="${out}%3F";; \#*) out="${out}%23";; + \[*) out="${out}%5B";; + \]*) out="${out}%5D";; + \ *) out="${out}%20";; + "${BR}"*) out="${out}%0A";; %*) out="${out}%25";; *) out="${out}${str%"${str#?}"}";; esac