authorCase Duckworth2022-08-13 19:40:51 -0500
committerCase Duckworth2022-08-13 19:40:51 -0500
commit07b37537619ec7b5fd9803512a1c357872492709 (patch)
tree5a82eb6b217eabd1e9ae9d1b248a66fd007d9c8f
parentStill trying to fix bug .... (diff)
downloadht-07b37537619ec7b5fd9803512a1c357872492709.tar.gz
ht-07b37537619ec7b5fd9803512a1c357872492709.zip
Escape HTML in raw blocks
-rwxr-xr-xht.awk16
1 files changed, 11 insertions, 5 deletions
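--- a/ht.awk
+++ b/ht.awk
@@ -45,7 +45,7 @@ $0 ~ CONFIG["raw_delim"] {
 }
 
 RAW {
- bufpush($0)
+ bufpush(html_escape($0))
  next
 }
 
@@ -70,10 +70,7 @@ $0 ~ ("^" COMMENT_DELIM) {
  } else {
  sep = "\n"
  }
- # Sanitize HTML
- gsub(/&/, "\\\\\\&", $0)
- gsub(/</, "\\\\\\&lt;", $0)
- gsub(/>/, "\\\\\\&gt;", $0)
+ $0 = html_escape($0)
  # Loop through BLOCK_TYPES
  for (bt in BLOCK_TYPES) {
  if (match($0, "^" bt "[ \t]*")) {
@@ -258,3 +255,12 @@ function html_end()
  BUFFER = ""
  HTML = 0
 }
+
+function html_escape(text)
+{
+ # Sanitize HTML
+ gsub(/&/, "\\\\\\&amp;", text)
+ gsub(/</, "\\\\\\&lt;", text)
+ gsub(/>/, "\\\\\\&gt;", text)
+ return text
+}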
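Review bot: In the RAW rule, `bufpush(html_escape($0))` passes on text whose entities appear, under gawk's documented sub()/gsub() replacement rules, to carry a literal backslash in front of the ampersand (`\&lt;`), because html_escape keeps the triple-escaped replacement strings of the old inline code. That form only renders cleanly if the text later goes through another sub()/gsub() as a replacement string, as the block-type rule presumably does. bufpush is not visible in this diff, so it is worth confirming that raw lines take the same path, otherwise the backslashes would reach the generated HTML. The helper also escapes only `&`, `<` and `>`, so its result is suitable for element content but not for attribute values. I would state both points on the function, e.g. `# Escape &, <, > as entities; each "&" is backslash-protected for a later sub()/gsub(). Quotes are not escaped: element content only.`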