diff options
author | Case Duckworth | 2022-08-13 19:40:51 -0500 |
---|---|---|
committer | Case Duckworth | 2022-08-13 19:40:51 -0500 |
commit | 07b37537619ec7b5fd9803512a1c357872492709 (patch) | |
tree | 5a82eb6b217eabd1e9ae9d1b248a66fd007d9c8f | |
parent | Still trying to fix bug .... (diff) | |
download | ht-07b37537619ec7b5fd9803512a1c357872492709.tar.gz ht-07b37537619ec7b5fd9803512a1c357872492709.zip |
Escape HTML in raw blocks
-rwxr-xr-x | ht.awk | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/ht.awk b/ht.awk index a03c8be..a2189ec 100755 --- a/ht.awk +++ b/ht.awk | |||
@@ -45,7 +45,7 @@ $0 ~ CONFIG["raw_delim"] { | |||
45 | } | 45 | } |
46 | 46 | ||
47 | RAW { | 47 | RAW { |
48 | bufpush($0) | 48 | bufpush(html_escape($0)) |
49 | next | 49 | next |
50 | } | 50 | } |
51 | 51 | ||
@@ -70,10 +70,7 @@ $0 ~ ("^" COMMENT_DELIM) { | |||
70 | } else { | 70 | } else { |
71 | sep = "\n" | 71 | sep = "\n" |
72 | } | 72 | } |
73 | # Sanitize HTML | 73 | $0 = html_escape($0) |
74 | gsub(/&/, "\\\\\\&", $0) | ||
75 | gsub(/</, "\\\\\\<", $0) | ||
76 | gsub(/>/, "\\\\\\>", $0) | ||
77 | # Loop through BLOCK_TYPES | 74 | # Loop through BLOCK_TYPES |
78 | for (bt in BLOCK_TYPES) { | 75 | for (bt in BLOCK_TYPES) { |
79 | if (match($0, "^" bt "[ \t]*")) { | 76 | if (match($0, "^" bt "[ \t]*")) { |
@@ -258,3 +255,12 @@ function html_end() | |||
258 | BUFFER = "" | 255 | BUFFER = "" |
259 | HTML = 0 | 256 | HTML = 0 |
260 | } | 257 | } |
258 | |||
259 | function html_escape(text) | ||
260 | { | ||
261 | # Sanitize HTML | ||
262 | gsub(/&/, "\\\\\\&", text) | ||
263 | gsub(/</, "\\\\\\<", text) | ||
264 | gsub(/>/, "\\\\\\>", text) | ||
265 | return text | ||
266 | } | ||