Merge of r4313:
Added escaping of double quotes in ngx_escape_html(). Patch by Zaur Abasmirzoev.
This commit is contained in:
parent
ad50cf7b86
commit
db7394b9a5
|
@ -1657,6 +1657,10 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
|
|||
len += sizeof("&") - 2;
|
||||
break;
|
||||
|
||||
case '"':
|
||||
len += sizeof(""") - 2;
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
@ -1684,6 +1688,11 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
|
|||
*dst++ = ';';
|
||||
break;
|
||||
|
||||
case '"':
|
||||
*dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o';
|
||||
*dst++ = 't'; *dst++ = ';';
|
||||
break;
|
||||
|
||||
default:
|
||||
*dst++ = ch;
|
||||
break;
|
||||
|
|
Loading…
Reference in New Issue