summaryrefslogtreecommitdiffabout
path: root/html.c
authorLars Hjemli <hjemli@gmail.com>2008-10-05 10:49:46 (UTC)
committer Lars Hjemli <hjemli@gmail.com>2008-10-05 10:49:46 (UTC)
commita36a0d9dec8a3ba79501d2526d648e44306f0fdd (patch) (side-by-side diff)
treeab9a6b2a0fc413887fb3fc1ddfd4fce54e26b599 /html.c
parentf82b19407dd876e6c02a572615bf34b09f6fa831 (diff)
downloadcgit-a36a0d9dec8a3ba79501d2526d648e44306f0fdd.zip
cgit-a36a0d9dec8a3ba79501d2526d648e44306f0fdd.tar.gz
cgit-a36a0d9dec8a3ba79501d2526d648e44306f0fdd.tar.bz2
html.c: add html_url_arg
This function can be used to properly escape querystring parameter values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (limited to 'html.c') (more/less context) (ignore whitespace changes)
-rw-r--r--html.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/html.c b/html.c
index 36e9a2f..167127f 100644
--- a/html.c
+++ b/html.c
@@ -115,32 +115,48 @@ void html_attr(char *txt)
if (c=='<' || c=='>' || c=='\'') {
write(htmlfd, txt, t - txt);
if (c=='>')
html("&gt;");
else if (c=='<')
html("&lt;");
else if (c=='\'')
html("&quote;");
txt = t+1;
}
t++;
}
if (t!=txt)
html(txt);
}
+void html_url_arg(char *txt)
+{
+ char *t = txt;
+ while(t && *t){
+ int c = *t;
+ if (c=='"' || c=='#' || c=='%' || c=='&' || c=='\'' || c=='+' || c=='?') {
+ write(htmlfd, txt, t - txt);
+ write(htmlfd, fmt("%%%2x", c), 3);
+ txt = t+1;
+ }
+ t++;
+ }
+ if (t!=txt)
+ html(txt);
+}
+
void html_hidden(char *name, char *value)
{
html("<input type='hidden' name='");
html_attr(name);
html("' value='");
html_attr(value);
html("'/>");
}
void html_option(char *value, char *text, char *selected_value)
{
html("<option value='");
html_attr(value);
html("'");
if (selected_value && !strcmp(selected_value, value))
html(" selected='selected'");