mirror of
https://github.com/nginx/nginx.git
synced 2025-01-06 07:27:47 +08:00
Added escaping of double quotes in ngx_escape_html().
Patch by Zaur Abasmirzoev.
This commit is contained in:
Maxim Dounin
parent
13717da19e
commit
1b9b19d7e2
@ -1657,6 +1657,10 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
|
|||||||
len += sizeof("&") - 2;
|
len += sizeof("&") - 2;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case '"':
|
||||||
|
len += sizeof(""") - 2;
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -1684,6 +1688,11 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
|
|||||||
*dst++ = ';';
|
*dst++ = ';';
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case '"':
|
||||||
|
*dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o';
|
||||||
|
*dst++ = 't'; *dst++ = ';';
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
*dst++ = ch;
|
*dst++ = ch;
|
||||||
break;
|
break;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user