From b8cec2270b5917e96f57d72c4d1ad96471cad3d3 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Tue, 9 Jun 2020 20:11:26 +0200 Subject: [PATCH] more escapes for use in html-sh and HTTP headers --- cgilite.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/cgilite.sh b/cgilite.sh index b7067a7..f03f747 100755 --- a/cgilite.sh +++ b/cgilite.sh @@ -187,6 +187,8 @@ COOKIE(){ } HTML(){ + # Escape HTML cahracters + # Also escape [, ], and \n for use in html-sh local str out [ $# -eq 0 ] && str="$(cat)" || str="$*" while [ "$str" ]; do @@ -196,6 +198,9 @@ HTML(){ \>*) out="${out}>";; \"*) out="${out}"";; \'*) out="${out}'";; + \[*) out="${out}[";; + \]*) out="${out}]";; + "${BR}"*) out="${out} ";; *) out="${out}${str%"${str#?}"}";; esac str="${str#?}" @@ -204,6 +209,7 @@ HTML(){ } URL(){ + # Escape pathes, so they can be used in link tags and HTTP Headers local str out [ $# -eq 0 ] && str="$(cat)" || str="$*" while [ "$str" ]; do @@ -213,6 +219,10 @@ URL(){ \'*) out="${out}%27";; \?*) out="${out}%3F";; \#*) out="${out}%23";; + \[*) out="${out}%5B";; + \]*) out="${out}%5D";; + \ *) out="${out}%20";; + "${BR}"*) out="${out}%0A";; %*) out="${out}%25";; *) out="${out}${str%"${str#?}"}";; esac -- 2.39.2