diff s4-funcs.sh @ 155:511406c0cbbe

Do HTML escape at value editing
author HIROSE Yuuji <yuuji@gentei.org>
date Tue, 05 Jan 2016 18:47:59 +0859
parents 75598f2d3118
children 87e679d3c993
--- a/s4-funcs.sh	Tue Dec 29 09:50:35 2015 +0859
+++ b/s4-funcs.sh	Tue Jan 05 18:47:59 2016 +0859
@@ -723,6 +723,10 @@
 percenthex() {
   hexize $1 | sed 's/\(..\)/%\1/g'
 }
+htmlescape() {
+  sed -e 's/\&/\&amp;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g" \
+      -e "s/</\&lt;/g; s/>/\&gt;/g"
+}
 enascii() {
   if [ -z "$enascii" ]; then
     if type kakasi >/dev/null 2>&1; then
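Review bot: htmlescape emits `&apos;` for the single quote, an entity that HTML 4.01 does not define, so older HTML parsers show it literally; the numeric reference works in every HTML and XML dialect, `-e "s/'/\&#39;/g"`. The ampersand substitution is correctly first in the chain so the entities added afterwards are not escaped twice, but nothing records that this order matters; a header line such as `# htmlescape: HTML-escape stdin (& first, then " ' < >) for element content and attribute values` would make it visible to the next editor. On the pattern side of `s/\&/\&amp;/g` the `\&` is not portable BRE (GNU and BSD sed happen to accept it); `s/&/\&amp;/g` means the same, since `&` is only special in the replacement.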
@@ -2447,7 +2451,7 @@
     form="" val=""
     if [ -n "$rowid" ]; then
       # err genform2a: Seeking for "$2.$name, type=$type"
-      val=`getvalbyid $2 $name $rowid $td`
+      val=`getvalbyid $2 $name $rowid $td|htmlescape`
 err genform3a: getvalbyid $2 $name $rowid $td
 err genform3b: val="[$val]"
     fi
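Review bot: Escaping `val` at the point it is fetched means every later use of `$val` in this function sees the entity-encoded text; if the rest of the function (genform, judging by the err tags, which starts and ends outside the hunk) compares `$val` against stored choices for select or radio inputs or passes it to another query, a value containing `&`, `<`, `"` or `'` will no longer match. Escaping where the value is written into the HTML instead, e.g. `value="$(printf '%s' "$val" | htmlescape)"`, keeps the raw value for those comparisons; I cannot see whether such uses exist, so this needs confirming rather than assuming. Separately, the pipeline now yields sed's exit status rather than getvalbyid's, which only matters if a caller inspects `$?` after this assignment.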
