diff options
| author |  default | 2023-07-11 19:45:58 +0200 |
|---|---|---|
| committer | default | 2023-07-11 19:45:58 +0200 |
| commit | 1c5a6894579924cb4d35e41ba3f140797a89c083 (patch) | |
| tree | 839d36778afd953a18b1203f160c8ffc99949365 /format.c | |
| parent | Merge pull request 'Attempt to prevent XSS.' (#64) from yonle/snac2:master in... (diff) | |
| download | penes-snac2-1c5a6894579924cb4d35e41ba3f140797a89c083.tar.gz penes-snac2-1c5a6894579924cb4d35e41ba3f140797a89c083.tar.xz penes-snac2-1c5a6894579924cb4d35e41ba3f140797a89c083.zip | |
Fixed some memory leaks.
Diffstat (limited to '')
| -rw-r--r-- | format.c | 16 |
1 files changed, 16 insertions, 0 deletions
| @@ -238,3 +238,19 @@ xs_str *sanitize(const char *content) | |||
| 238 | 238 | ||
| 239 | return s; | 239 | return s; |
| 240 | } | 240 | } |
| 241 | |||
| 242 | |||
| 243 | xs_str *encode_html(const char *str) | ||
| 244 | /* escapes html characters */ | ||
| 245 | { | ||
| 246 | xs_str *encoded = xs_replace(str, "&", "&"); | ||
| 247 | encoded = xs_replace_i(encoded, "<", "<"); | ||
| 248 | encoded = xs_replace_i(encoded, ">", ">"); | ||
| 249 | encoded = xs_replace_i(encoded, "\"", """); | ||
| 250 | encoded = xs_replace_i(encoded, "'", "'"); | ||
| 251 | |||
| 252 | /* Restore only <br>. Probably safe. Let's hope nothing goes wrong with this. */ | ||
| 253 | encoded = xs_replace_i(encoded, "<br>", "<br>"); | ||
| 254 | |||
| 255 | return encoded; | ||
| 256 | } | ||