Added escaping of double quotes in ngx_escape_html().

Patch by Zaur Abasmirzoev.
2024-12-12 02:09:04 +08:00 · 2011-11-25 16:36:02 +00:00 · 2011-11-25 16:36:02 +00:00 · 1b9b19d7e2
commit 1b9b19d7e2
parent 13717da19e
1 changed files with 9 additions and 0 deletions
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@ -1657,6 +1657,10 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
                len += sizeof("&amp;") - 2;
                break;

+            case '"':
+                len += sizeof("&quot;") - 2;
+                break;
+
            default:
                break;
            }
@ -1684,6 +1688,11 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
            *dst++ = ';';
            break;

+        case '"':
+            *dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o';
+            *dst++ = 't'; *dst++ = ';';
+            break;
+
        default:
            *dst++ = ch;
            break;