INN commit: trunk/scripts (innreport.in)
INN Commit
Russ_Allbery at isc.org
Mon Nov 17 18:49:02 UTC 2008
Date: Monday, November 17, 2008 @ 10:49:01
Author: iulius
Revision: 8167
Better escape of HTML and XML. Patch from Alexander Bartolich.
Modified:
trunk/scripts/innreport.in
--------------+
innreport.in | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
Modified: innreport.in
===================================================================
--- innreport.in 2008-11-17 13:48:49 UTC (rev 8166)
+++ innreport.in 2008-11-17 18:49:01 UTC (rev 8167)
@@ -736,7 +736,21 @@
$v =~ s/&/\&/g;
$v =~ s/</\</g;
$v =~ s/>/\>/g;
- $v =~ s/([\x{7F}-\x{FFFF}])/sprintf('&#%d;', ord($1))/eg;
+
+ # XML comments may not contain --
+ # $v =~ s/--/-\‐/g;
+
+ # These characters are not legal in XML 1.0, so they can't be
+ # present in input or output of an XSLT transformation.
+ # Produce a C-style escape instead
+ $v =~ s/([[:cntrl:]])
+ /sprintf('\\x%02x', ord($1))
+ /egx;
+
+ # Replace special characters with entities
+ $v =~ s/([\x{7F}-\x{FFFF}])
+ /sprintf('&#%d;', ord($1))
+ /egx;
return $v;
}
@@ -2161,7 +2175,7 @@
}
$res[$first] += $r if $v1 =~ m/\%-?(?:\d+(?:\.\d+)?)?d/o;
if ($p) {
- $s .= sprintf $v1. "\n", $r unless $done || !$wtext;
+ $s .= sprintf $v1. "\n", EscapeHTML($r) unless $done || !$wtext;
if ($HTML && $whtml) {
if ($done) {
$html .= "<td></td>";
More information about the inn-committers
mailing list