diff options
| author | Case Duckworth | 2022-08-13 19:40:51 -0500 |
|---|---|---|
| committer | Case Duckworth | 2022-08-13 19:40:51 -0500 |
| commit | 07b37537619ec7b5fd9803512a1c357872492709 (patch) | |
| tree | 5a82eb6b217eabd1e9ae9d1b248a66fd007d9c8f | |
| parent | Still trying to fix bug .... (diff) | |
| download | ht-07b37537619ec7b5fd9803512a1c357872492709.tar.gz ht-07b37537619ec7b5fd9803512a1c357872492709.zip | |
Escape HTML in raw blocks
| -rwxr-xr-x | ht.awk | 16 |
1 files changed, 11 insertions, 5 deletions
| diff --git a/ht.awk b/ht.awk index a03c8be..a2189ec 100755 --- a/ht.awk +++ b/ht.awk | |||
| @@ -45,7 +45,7 @@ $0 ~ CONFIG["raw_delim"] { | |||
| 45 | } | 45 | } |
| 46 | 46 | ||
| 47 | RAW { | 47 | RAW { |
| 48 | bufpush($0) | 48 | bufpush(html_escape($0)) |
| 49 | next | 49 | next |
| 50 | } | 50 | } |
| 51 | 51 | ||
| @@ -70,10 +70,7 @@ $0 ~ ("^" COMMENT_DELIM) { | |||
| 70 | } else { | 70 | } else { |
| 71 | sep = "\n" | 71 | sep = "\n" |
| 72 | } | 72 | } |
| 73 | # Sanitize HTML | 73 | $0 = html_escape($0) |
| 74 | gsub(/&/, "\\\\\\&", $0) | ||
| 75 | gsub(/</, "\\\\\\<", $0) | ||
| 76 | gsub(/>/, "\\\\\\>", $0) | ||
| 77 | # Loop through BLOCK_TYPES | 74 | # Loop through BLOCK_TYPES |
| 78 | for (bt in BLOCK_TYPES) { | 75 | for (bt in BLOCK_TYPES) { |
| 79 | if (match($0, "^" bt "[ \t]*")) { | 76 | if (match($0, "^" bt "[ \t]*")) { |
| @@ -258,3 +255,12 @@ function html_end() | |||
| 258 | BUFFER = "" | 255 | BUFFER = "" |
| 259 | HTML = 0 | 256 | HTML = 0 |
| 260 | } | 257 | } |
| 258 | |||
| 259 | function html_escape(text) | ||
| 260 | { | ||
| 261 | # Sanitize HTML | ||
| 262 | gsub(/&/, "\\\\\\&", text) | ||
| 263 | gsub(/</, "\\\\\\<", text) | ||
| 264 | gsub(/>/, "\\\\\\>", text) | ||
| 265 | return text | ||
| 266 | } | ||