Mercurial > hg > nginx
changeset 4312:0a8e51a16484
Added escaping of double quotes in ngx_escape_html().
Patch by Zaur Abasmirzoev.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 25 Nov 2011 16:36:02 +0000 |
parents | 45272aab5eea |
children | e7db97bfac25 |
files | src/core/ngx_string.c |
diffstat | 1 files changed, 9 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/core/ngx_string.c Wed Nov 23 14:09:19 2011 +0000 +++ b/src/core/ngx_string.c Fri Nov 25 16:36:02 2011 +0000 @@ -1657,6 +1657,10 @@ len += sizeof("&") - 2; break; + case '"': + len += sizeof(""") - 2; + break; + default: break; } @@ -1684,6 +1688,11 @@ *dst++ = ';'; break; + case '"': + *dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o'; + *dst++ = 't'; *dst++ = ';'; + break; + default: *dst++ = ch; break;