escape HTML in paths
- escape paths in diff line. - escape path in anchor href attribute in files.html
| 1 files changed, 12 insertions(+), 4 deletions(-) | |||
|---|---|---|---|
| M | stagit.c | +12 | -4 |
1@@ -532,9 +532,15 @@ printshowfile(FILE *fp, struct commitinfo *ci)
2 for (i = 0; i < ci->ndeltas; i++) {
3 patch =
ci->deltas[i]->patch;
4 delta =
git_patch_get_delta(patch);
5- fprintf(fp, "<b>diff --git a/<a id=\"h%zu\"
href=\"%sfile/%s.html\">%s</a> b/<a
href=\"%sfile/%s.html\">%s</a></b>\n",
6- i, relpath,
delta->old_file.path, delta->old_file.path,
7- relpath,
delta->new_file.path, delta->new_file.path);
8+ fprintf(fp,
"<b>diff --git a/<a id=\"h%zu\" href=\"%sfile/", i,
relpath);
9+ xmlencode(fp,
delta->old_file.path, strlen(delta->old_file.path));
10+
fputs(".html\">", fp);
11+ xmlencode(fp,
delta->old_file.path, strlen(delta->old_file.path));
12+ fprintf(fp,
"</a> b/<a href=\"%sfile/", relpath);
13+ xmlencode(fp,
delta->new_file.path, strlen(delta->new_file.path));
14+ fprintf(fp,
".html\">");
15+ xmlencode(fp,
delta->new_file.path, strlen(delta->new_file.path));
16+ fprintf(fp,
"</a></b>\n");
17
18 /* check binary
data */
19 if
(delta->flags & GIT_DIFF_FLAG_BINARY) {
20@@ -881,7 +887,9 @@ writefilestree(FILE *fp, git_tree *tree, const char *path)
21
22
fputs("<tr><td>", fp);
23
fputs(filemode(git_tree_entry_filemode(entry)), fp);
24- fprintf(fp, "</td><td><a
href=\"%s%s\">", relpath, filepath);
25+ fprintf(fp,
"</td><td><a href=\"%s", relpath);
26+ xmlencode(fp,
filepath, strlen(filepath));
27+
fputs("\">", fp);
28 xmlencode(fp, entrypath, strlen(entrypath));
29
fputs("</a></td><td class=\"num\"
align=\"right\">", fp);
30 if (lc >
0)