From b8cec2270b5917e96f57d72c4d1ad96471cad3d3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?= <paul@plutz.net>
Date: Tue, 9 Jun 2020 20:11:26 +0200
Subject: [PATCH] more escapes for use in html-sh and HTTP headers

---
 cgilite.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/cgilite.sh b/cgilite.sh
index b7067a7..f03f747 100755
--- a/cgilite.sh
+++ b/cgilite.sh
@@ -187,6 +187,8 @@ COOKIE(){
 }
 
 HTML(){
+  # Escape HTML cahracters
+  # Also escape [, ], and \n for use in html-sh
   local str out
   [ $# -eq 0 ] && str="$(cat)" || str="$*"
   while [ "$str" ]; do
@@ -196,6 +198,9 @@ HTML(){
       \>*) out="${out}&gt;";;
       \"*) out="${out}&quot;";;
       \'*) out="${out}&#x27;";;
+      \[*) out="${out}&#x5B;";;
+      \]*) out="${out}&#x5D;";;
+      "${BR}"*) out="${out}&#x0A;";;
       *) out="${out}${str%"${str#?}"}";;
     esac
     str="${str#?}"
@@ -204,6 +209,7 @@ HTML(){
 }
 
 URL(){
+  # Escape pathes, so they can be used in link tags and HTTP Headers
   local str out
   [ $# -eq 0 ] && str="$(cat)" || str="$*"
   while [ "$str" ]; do
@@ -213,6 +219,10 @@ URL(){
       \'*) out="${out}%27";;
       \?*) out="${out}%3F";;
       \#*) out="${out}%23";;
+      \[*) out="${out}%5B";;
+      \]*) out="${out}%5D";;
+      \ *) out="${out}%20";;
+      "${BR}"*) out="${out}%0A";;
       %*) out="${out}%25";;
       *) out="${out}${str%"${str#?}"}";;
     esac
-- 
2.39.2