Skip to content

Commit

Permalink
Added escaping of double quotes in ngx_escape_html().
Browse files Browse the repository at this point in the history
Patch by Zaur Abasmirzoev.
  • Loading branch information
mdounin committed Nov 25, 2011
1 parent 13717da commit 1b9b19d
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions src/core/ngx_string.c
Original file line number Diff line number Diff line change
Expand Up @@ -1657,6 +1657,10 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
len += sizeof("&") - 2;
break;

case '"':
len += sizeof(""") - 2;
break;

default:
break;
}
Expand Down Expand Up @@ -1684,6 +1688,11 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
*dst++ = ';';
break;

case '"':
*dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o';
*dst++ = 't'; *dst++ = ';';
break;

default:
*dst++ = ch;
break;
Expand Down

0 comments on commit 1b9b19d

Please sign in to comment.