Fix HTML output in Bash 5.2 and newer

As noted in #2304, the way that the '&' character is treated in the string part of a pattern substitution changed in Bash 5.2. As a result, the change that was made in #1481 to accommodate older versions of Bash (e.g., on MacOS) now causes testssl.sh to produce incorrect HTML output when run on Bash 5.2.

This commit encodes the '&' characters in the substitution strings in a way that produces correct results on multiple versions of Bash (3.2 on MacOS, 5.2 on Ubuntu 23.10, 5.0 on Ubuntu 20.04).
This commit is contained in:
David Cooper 2023-02-03 14:31:08 -08:00
parent cd2eef30ea
commit 5c0b8314d0

View File

@ -491,11 +491,11 @@ html_reserved(){
local output local output
"$do_html" || return 0 "$do_html" || return 0
#sed -e 's/\&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g" <<< "$1" #sed -e 's/\&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g" <<< "$1"
output="${1//&/&amp;}" output="${1//&/$'&'amp;}"
output="${output//</&lt;}" output="${output//</$'&'lt;}"
output="${output//>/&gt;}" output="${output//>/$'&'gt;}"
output="${output//\"/&quot;}" output="${output//\"/$'&'quot;}"
output="${output//\'/&apos;}" output="${output//\'/$'&'apos;}"
printf -- "%s" "$output" printf -- "%s" "$output"
return 0 return 0
} }