diff s4-funcs.sh @ 155:511406c0cbbe
Do HTML escape at value editing
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Tue, 05 Jan 2016 18:47:59 +0859 |
parents | 75598f2d3118 |
children | 87e679d3c993 |
--- a/s4-funcs.sh Tue Dec 29 09:50:35 2015 +0859
+++ b/s4-funcs.sh Tue Jan 05 18:47:59 2016 +0859
@@ -723,6 +723,10 @@
 percenthex() {
 hexize $1 | sed 's/\(..\)/%\1/g'
 }
+htmlescape() {
+ sed -e 's/\&/\&/g' -e 's/"/\"/g' -e "s/'/\'/g" \
+ -e "s/</\</g; s/>/\>/g"
+}
 enascii() {
 if [ -z "$enascii" ]; then
 if type kakasi >/dev/null 2>&1; then
@@ -2447,7 +2451,7 @@
 form="" val=""
 if [ -n "$rowid" ]; then
 # err genform2a: Seeking for "$2.$name, type=$type"
- val=`getvalbyid $2 $name $rowid $td`
+ val=`getvalbyid $2 $name $rowid $td|htmlescape`
 err genform3a: getvalbyid $2 $name $rowid $td
 err genform3b: val="[$val]"
 fi
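Review bot: The replacement sides of the new `htmlescape()` sed rules read as the bare characters on this page (`s/\&/\&/g`, `s/</\</g`), which would make the filter a no-op. This is most likely the page viewer decoding the entities, so the file itself should be checked to contain `&amp;`, `&quot;`, `&lt;` and `&gt;` on the right-hand sides. The function also carries no comment saying that it filters stdin to stdout or which output contexts it covers; I would add `# htmlescape: filter stdin, escaping & " ' < > for HTML text and quoted attribute values` above it. The same comment should say that the `&` rule must stay first, so that entities produced by the later rules are not escaped a second time. If the single-quote rule emits `&apos;`, `&#39;` is the safer spelling because HTML 4 does not define `&apos;`.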
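Review bot: `val` is escaped when it is fetched rather than when it is written into the form, so every later use of `$val` in this function sees entity-encoded text. The function body starts and ends outside this hunk, so whether all of those uses are HTML output cannot be confirmed from here. The debug line `err genform3b: val="[$val]"` now logs the escaped form as well. I would add a comment on the new line, `# val is HTML-escaped from here on; emit it only into HTML, never compare or store it`, and check that other places printing stored values into pages also pass through `htmlescape`, since this change covers only the edit form. Piping into `htmlescape` also makes the assignment's exit status that of `sed` rather than `getvalbyid`, which matters if any later code tests it.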