Author: Lukas Fleischer <cgit@cryptocrack.de>
Properly escape ampersands inside HTML attributes Ampersands ("&") appearing inside HTML attributes need to be translated to "&". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
html.c | 4 +++-
diff --git a/html.c b/html.c index a0f6db4b04bdca2215d0425f9f85ed70933d08ce..24a03a52b4042130a4da207ddafcfc370525658d 100644 --- a/html.c +++ b/html.c @@ -138,7 +138,7 @@ { const char *t = txt; while(t && *t){ int c = *t; - if (c=='<' || c=='>' || c=='\'' || c=='\"') { + if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') { html_raw(txt, t - txt); if (c=='>') html(">"); @@ -148,6 +148,8 @@ else if (c=='\'') html("'"); else if (c=='"') html("""); + else if (c=='&') + html("&"); txt = t+1; } t++;