Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-07 09:10:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1528 from dcooper16/fix_html_3.0

Browse Source 
Fix HTML generation in 3.0
This commit is contained in:
Dirk Wetter 2020-03-06 14:55:27 +01:00 committed by GitHub
commit 488009d0cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
testssl.sh
View File

@ -487,12 +487,12 @@ html_reserved(){
local output
"$do_html" || return 0
#sed -e 's/\&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g" <<< "$1"
output="${1//\&/\&amp;}"
output="${output//</\&lt;}"
output="${output//>/\&gt;}"
output="${output//\"/\&quot;}"
output="${output//\'/\&apos;}"
tm_out "$output"
output="${1//&/&amp;}"
output="${output//</&lt;}"
output="${output//>/&gt;}"
output="${output//\"/&quot;}"
output="${output//\'/&apos;}"
printf -- "%s" "$output"
return 0
}
@ -507,8 +507,9 @@ safe_echo() { printf -- "%b" "${1//%/%%}"; }
tm_out() { printf -- "%b" "${1//%/%%}"; }
tmln_out() { printf -- "%b" "${1//%/%%}\n"; }
out() { printf -- "%b" "${1//%/%%}"; html_out "$1"; }
outln() { printf -- "%b" "${1//%/%%}\n"; html_out "$1\n"; }
out() { printf -- "%b" "${1//%/%%}"; html_out "$(html_reserved "$1")"; }
outln() { printf -- "%b" "${1//%/%%}\n"; html_out "$(html_reserved "$1")\n"; }
#TODO: Still no shell injection safe but if just run it from the cmd line: that's fine