Merge pull request #1481 from dcooper16/fix_html

Fix HTML generation
This commit is contained in:
Dirk Wetter 2020-03-06 13:40:41 +01:00 committed by GitHub
commit 466f08c846
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 8 deletions

View File

@ -490,12 +490,12 @@ html_reserved(){
local output
"$do_html" || return 0
#sed -e 's/\&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g" <<< "$1"
output="${1//\&/\&amp;}"
output="${output//</\&lt;}"
output="${output//>/\&gt;}"
output="${output//\"/\&quot;}"
output="${output//\'/\&apos;}"
tm_out "$output"
output="${1//&/&amp;}"
output="${output//</&lt;}"
output="${output//>/&gt;}"
output="${output//\"/&quot;}"
output="${output//\'/&apos;}"
printf -- "%s" "$output"
return 0
}
@ -510,8 +510,8 @@ safe_echo() { printf -- "%b" "${1//%/%%}"; }
tm_out() { printf -- "%b" "${1//%/%%}"; }
tmln_out() { printf -- "%b" "${1//%/%%}\n"; }
out() { printf -- "%b" "${1//%/%%}"; html_out "$1"; }
outln() { printf -- "%b" "${1//%/%%}\n"; html_out "$1\n"; }
out() { printf -- "%b" "${1//%/%%}"; html_out "$(html_reserved "$1")"; }
outln() { printf -- "%b" "${1//%/%%}\n"; html_out "$(html_reserved "$1")\n"; }
#TODO: Still no shell injection safe but if just run it from the cmd line: that's fine