Permalink
Browse files

Filter out characters in the control code range.

These characters are invalid in an XML document and so
they will break souptest. This behaviour is consistent
with reddit's version of Discount.
  • Loading branch information...
1 parent 989240c commit 0f13c4db764080d2355850a7a754b9a11d7f99c5 @spladug spladug committed Oct 14, 2011
Showing with 14 additions and 5 deletions.
  1. +8 −2 html/houdini_href_e.c
  2. +6 −3 html/houdini_html_e.c
View
@@ -32,8 +32,8 @@
*
*/
static const char HREF_SAFE[] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 0, 0, 2, 2, 0, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -72,6 +72,12 @@ houdini_escape_href(struct buf *ob, const uint8_t *src, size_t size)
if (i >= size)
break;
+ /* throw out control characters */
+ if (HREF_SAFE[src[i]] == 2) {
+ i++;
+ continue;
+ }
+
switch (src[i]) {
/* amp appears all the time in URLs, but needs
* HTML-entity escaping to be inside an href */
@@ -18,8 +18,8 @@
*
*/
static const char HTML_ESCAPE_TABLE[] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 0, 0, 7, 7, 0, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -43,7 +43,8 @@ static const char *HTML_ESCAPES[] = {
"'",
"/",
"<",
- ">"
+ ">",
+ "", // throw out control characters
};
void
@@ -68,6 +69,8 @@ houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure
/* The forward slash is only escaped in secure mode */
if (src[i] == '/' && !secure) {
bufputc(ob, '/');
+ } else if (HTML_ESCAPE_TABLE[src[i]] == 7) {
+ /* skip control characters */
} else {
bufputs(ob, HTML_ESCAPES[esc]);
}

0 comments on commit 0f13c4d

Please sign in to comment.