author | default <nobody@localhost> | 2023-03-06 11:06:35 +0100 |
---|---|---|
committer | default <nobody@localhost> | 2023-03-06 11:06:35 +0100 |
commit | 49f2f498de0ad3b2c8df1203ff444c1794617ecb (patch) | |
tree | 2186b34f807ee238770f799ba4a290ea9716577b /format.c | |
parent | 79ea0bf4abdd4acbe830b10aab20c7f0d8f84f40 (diff) |
Strip dangerous control codes in sanitize().
Diffstat (limited to 'format.c')
-rw-r--r-- | format.c | 11 |
1 files changed, 10 insertions, 1 deletions
@@ -179,11 +179,20 @@ d_char *sanitize(const char *content)
 xs *sl;
 int n = 0;
 char *p, *v;
+ xs *content2 = xs_dup(content);
- sl = xs_regex_split(content, "</?[^>]+>");
+ /* strip dangerous control codes */
+ for (n = 0; content2[n]; n++) {
+ if (content2[n] > 0x0 && content2[n] < 0x20 &&
+ content2[n] != '\r' && content2[n] != '\n')
+ content2[n] = ' ';
+ }
+
+ sl = xs_regex_split(content2, "</?[^>]+>");
 p = sl;
+ n = 0;
 while (xs_list_iter(&p, &v)) {
 if (n & 0x1) {
 xs *s1 = xs_strip_i(xs_crop_i(xs_dup(v), v[1] == '/' ? 2 : 1, -1)); |
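Review bot: The range test in the new `for` loop covers only 0x01–0x1f minus CR and LF, so DEL (0x7f) still passes through unchanged, and horizontal tab is flattened to a space together with the other codes. Whether DEL matters depends on where the sanitized text is rendered, which this hunk does not show; if it should go too, append `|| content2[n] == 0x7f` to the condition, and if tabs are meant to survive add `content2[n] != '\t'` next to the CR/LF exceptions. The comment would help the next reader more if it named the range and the reason for substituting rather than deleting, e.g. `/* replace C0 control codes (except CR/LF) with spaces before tag splitting, so removed bytes cannot join text into a tag */`. The body of sanitize() starts and ends outside the hunk, so how `content2` is used after the split is not visible here.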