html.c: use correct escaping in html attributes

First, an apostrophe is not a quote. Second, we also need to escape quotes. And finally, quotes are encoded as '"', not '&quote;'. Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
author: Lars Hjemli <hjemli@gmail.com> 2009-01-29 22:21:15 +0100
committer: Lars Hjemli <hjemli@gmail.com> 2009-01-29 22:21:15 +0100
commit: 7efcef00b5aadf22f5be80ecd7b736398cf7f6b4 (patch)
tree: 6bfdb7c5499ba43eb9b302394adc7bfa7e517436
parent: CGIT 0.8.1.1 (diff)
download: cgit-7efcef00b5aadf22f5be80ecd7b736398cf7f6b4.tar.gz
cgit-7efcef00b5aadf22f5be80ecd7b736398cf7f6b4.tar.bz2
cgit-7efcef00b5aadf22f5be80ecd7b736398cf7f6b4.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/html.c b/html.c
index d7d9fd7..66ba65d 100644
--- a/html.c
+++ b/html.c
@@ -112,14 +112,16 @@ void html_attr(char *txt)
 	char *t = txt;
 	while(t && *t){
 		int c = *t;
-		if (c=='<' || c=='>' || c=='\'') {
+		if (c=='<' || c=='>' || c=='\'' || c=='\"') {
 			write(htmlfd, txt, t - txt);
 			if (c=='>')
 				html("&gt;");
 			else if (c=='<')
 				html("&lt;");
 			else if (c=='\'')
-				html("&quote;");
+				html("&#x27;");
+			else if (c=='"')
+				html("&quot;");
 			txt = t+1;
 		}
 		t++;
author	Lars Hjemli <hjemli@gmail.com>	2009-01-29 22:21:15 +0100
committer	Lars Hjemli <hjemli@gmail.com>	2009-01-29 22:21:15 +0100
commit	7efcef00b5aadf22f5be80ecd7b736398cf7f6b4 (patch)
tree	6bfdb7c5499ba43eb9b302394adc7bfa7e517436
parent	CGIT 0.8.1.1 (diff)
download	cgit-7efcef00b5aadf22f5be80ecd7b736398cf7f6b4.tar.gz cgit-7efcef00b5aadf22f5be80ecd7b736398cf7f6b4.tar.bz2 cgit-7efcef00b5aadf22f5be80ecd7b736398cf7f6b4.zip