Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-07 09:10:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix HTML generation in 3.0

Browse Source 
This commit applies the same changes as #1481, but to the 3.0 branch.
This commit is contained in:
David Cooper 2020-03-06 08:48:07 -05:00 committed by GitHub
parent 4dbd9a98ba
commit 53f0bec0ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
testssl.sh
View File

@ -487,12 +487,12 @@ html_reserved(){
local output
"$do_html" || return 0
#sed -e 's/\&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g" <<< "$1"
output="${1//\&/\&amp;}"
output="${output//</\&lt;}"
output="${output//>/\&gt;}"
output="${output//\"/\&quot;}"
output="${output//\'/\&apos;}"
tm_out "$output"
output="${1//&/&amp;}"
output="${output//</&lt;}"
output="${output//>/&gt;}"
output="${output//\"/&quot;}"
output="${output//\'/&apos;}"
printf -- "%s" "$output"
return 0
}
@ -507,8 +507,9 @@ safe_echo() { printf -- "%b" "${1//%/%%}"; }
tm_out() { printf -- "%b" "${1//%/%%}"; }
tmln_out() { printf -- "%b" "${1//%/%%}\n"; }
out() { printf -- "%b" "${1//%/%%}"; html_out "$1"; }
outln() { printf -- "%b" "${1//%/%%}\n"; html_out "$1\n"; }
out() { printf -- "%b" "${1//%/%%}"; html_out "$(html_reserved "$1")"; }
outln() { printf -- "%b" "${1//%/%%}\n"; html_out "$(html_reserved "$1")\n"; }
#TODO: Still no shell injection safe but if just run it from the cmd line: that's fine