commit
466f08c846
16
testssl.sh
16
testssl.sh
|
@ -490,12 +490,12 @@ html_reserved(){
|
|||
local output
|
||||
"$do_html" || return 0
|
||||
#sed -e 's/\&/\&/g' -e 's/</\</g' -e 's/>/\>/g' -e 's/"/\"/g' -e "s/'/\'/g" <<< "$1"
|
||||
output="${1//\&/\&}"
|
||||
output="${output//</\<}"
|
||||
output="${output//>/\>}"
|
||||
output="${output//\"/\"}"
|
||||
output="${output//\'/\'}"
|
||||
tm_out "$output"
|
||||
output="${1//&/&}"
|
||||
output="${output//</<}"
|
||||
output="${output//>/>}"
|
||||
output="${output//\"/"}"
|
||||
output="${output//\'/'}"
|
||||
printf -- "%s" "$output"
|
||||
return 0
|
||||
}
|
||||
|
||||
|
@ -510,8 +510,8 @@ safe_echo() { printf -- "%b" "${1//%/%%}"; }
|
|||
tm_out() { printf -- "%b" "${1//%/%%}"; }
|
||||
tmln_out() { printf -- "%b" "${1//%/%%}\n"; }
|
||||
|
||||
out() { printf -- "%b" "${1//%/%%}"; html_out "$1"; }
|
||||
outln() { printf -- "%b" "${1//%/%%}\n"; html_out "$1\n"; }
|
||||
out() { printf -- "%b" "${1//%/%%}"; html_out "$(html_reserved "$1")"; }
|
||||
outln() { printf -- "%b" "${1//%/%%}\n"; html_out "$(html_reserved "$1")\n"; }
|
||||
|
||||
#TODO: Still no shell injection safe but if just run it from the cmd line: that's fine
|
||||
|
||||
|
|
Loading…
Reference in New Issue