Mercurial > hg > nginx

changeset 4312:0a8e51a16484

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added escaping of double quotes in ngx_escape_html(). Patch by Zaur Abasmirzoev.
author Maxim Dounin <mdounin@mdounin.ru>
date Fri, 25 Nov 2011 16:36:02 +0000
parents 45272aab5eea
children e7db97bfac25
files src/core/ngx_string.c
diffstat 1 files changed, 9 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1657,6 +1657,10 @@ ngx_escape_html(u_char *dst, u_char *src
                 len += sizeof("&amp;") - 2;
                 break;
 
+            case '"':
+                len += sizeof("&quot;") - 2;
+                break;
+
             default:
                 break;
             }
@@ -1684,6 +1688,11 @@ ngx_escape_html(u_char *dst, u_char *src
             *dst++ = ';';
             break;
 
+        case '"':
+            *dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o';
+            *dst++ = 't'; *dst++ = ';';
+            break;
+
         default:
             *dst++ = ch;
             break;