diff options
| author | Felix (xq) Queißner <git@mq32.de> | 2020-06-09 18:27:38 +0200 |
|---|---|---|
| committer | Felix (xq) Queißner <git@mq32.de> | 2020-06-09 18:27:38 +0200 |
| commit | de8fd9328e9deb0d1ec596d7486686ea3cb688c2 (patch) | |
| tree | 9c25d7568dee522c1d2ed7b6d238d1dad54163f6 /lib/cmark/src/houdini_html_e.c | |
| parent | 661ddc244793102ee0720871c4edcd64f80bc744 (diff) | |
| download | kristall-de8fd9328e9deb0d1ec596d7486686ea3cb688c2.tar.gz | |
Includes cmark markdown parser library.
Diffstat (limited to 'lib/cmark/src/houdini_html_e.c')
| -rw-r--r-- | lib/cmark/src/houdini_html_e.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/lib/cmark/src/houdini_html_e.c b/lib/cmark/src/houdini_html_e.c new file mode 100644 index 0000000..0e539f0 --- /dev/null +++ b/lib/cmark/src/houdini_html_e.c @@ -0,0 +1,66 @@ +#include <assert.h> +#include <stdio.h> +#include <string.h> + +#include "houdini.h" + +/** + * According to the OWASP rules: + * + * & --> & + * < --> < + * > --> > + * " --> " + * ' --> ' ' is not recommended + * / --> / forward slash is included as it helps end an HTML entity + * + */ +static const char HTML_ESCAPE_TABLE[] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +}; + +static const char *HTML_ESCAPES[] = {"", """, "&", "'", + "/", "<", ">"}; + +int houdini_escape_html0(cmark_strbuf *ob, const uint8_t *src, bufsize_t size, + int secure) { + bufsize_t i = 0, org, esc = 0; + + while (i < size) { + org = i; + while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0) + i++; + + if (i > org) + cmark_strbuf_put(ob, src + org, i - org); + + /* escaping */ + if (unlikely(i >= size)) + break; + + /* The forward slash is only escaped in secure mode */ + if ((src[i] == '/' || src[i] == '\'') && !secure) { + cmark_strbuf_putc(ob, src[i]); + } else { + cmark_strbuf_puts(ob, HTML_ESCAPES[esc]); + } + + i++; + } + + return 1; +} + +int houdini_escape_html(cmark_strbuf *ob, const uint8_t *src, bufsize_t size) { + return houdini_escape_html0(ob, src, size, 1); +} |