PageRenderTime 41ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/reddish/lib/sundown/html/houdini_html_e.c

https://bitbucket.org/murarth/reddish
C | 84 lines | 58 code | 13 blank | 13 comment | 10 complexity | ad4e12539e64e6e7685a89b206d2e469 MD5 | raw file
    

  1. #include <assert.h>
    2. 

  2. #include <stdio.h>
    3. 

  3. #include <string.h>
    4. 

  4. 

  5. #include "houdini.h"
    6. 

  6. 

  7. #define ESCAPE_GROW_FACTOR(x) (((x) * 12) / 10) /* this is very scientific, yes */
    8. 

  8. 

  9. /**
    10. 

  10.  * According to the OWASP rules:
    11. 

  11.  *
    12. 

  12.  * & --> &amp;
    13. 

  13.  * < --> &lt;
    14. 

  14.  * > --> &gt;
    15. 

  15.  * " --> &quot;
    16. 

  16.  * ' --> &#x27;     &apos; is not recommended
    17. 

  17.  * / --> &#x2F;     forward slash is included as it helps end an HTML entity
    18. 

  18.  *
    19. 

  19.  */
    20. 

  20. static const char HTML_ESCAPE_TABLE[] = {
    21. 

  21. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    22. 

  22. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    23. 

  23. 	0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4, 
    24. 

  24. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0, 
    25. 

  25. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    26. 

  26. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    27. 

  27. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    28. 

  28. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    29. 

  29. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    30. 

  30. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    31. 

  31. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    32. 

  32. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    33. 

  33. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    34. 

  34. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    35. 

  35. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
    36. 

  36. 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    37. 

  37. };
    38. 

  38. 

  39. static const char *HTML_ESCAPES[] = {
    40. 

  40.         "",
    41. 

  41.         "&quot;",
    42. 

  42.         "&amp;",
    43. 

  43.         "&#39;",
    44. 

  44.         "&#47;",
    45. 

  45.         "&lt;",
    46. 

  46.         "&gt;"
    47. 

  47. };
    48. 

  48. 

  49. void
    50. 

  50. houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure)
    51. 

  51. {
    52. 

  52. 	size_t i = 0, org, esc = 0;
    53. 

  53. 

  54. 	bufgrow(ob, ESCAPE_GROW_FACTOR(size));
    55. 

  55. 

  56. 	while (i < size) {
    57. 

  57. 		org = i;
    58. 

  58. 		while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
    59. 

  59. 			i++;
    60. 

  60. 

  61. 		if (i > org)
    62. 

  62. 			bufput(ob, src + org, i - org);
    63. 

  63. 

  64. 		/* escaping */
    65. 

  65. 		if (i >= size)
    66. 

  66. 			break;
    67. 

  67. 

  68. 		/* The forward slash is only escaped in secure mode */
    69. 

  69. 		if (src[i] == '/' && !secure) {
    70. 

  70. 			bufputc(ob, '/');
    71. 

  71. 		} else {
    72. 

  72. 			bufputs(ob, HTML_ESCAPES[esc]);
    73. 

  73. 		}
    74. 

  74. 

  75. 		i++;
    76. 

  76. 	}
    77. 

  77. }
    78. 

  78. 

  79. void
    80. 

  80. houdini_escape_html(struct buf *ob, const uint8_t *src, size_t size)
    81. 

  81. {
    82. 

  82. 	houdini_escape_html0(ob, src, size, 1);
    83. 

  83. }
    84. 

  84. 

  85.