diff options
| author | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2009-03-01 17:36:27 +0100 |
|---|---|---|
| committer | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2009-03-01 17:36:27 +0100 |
| commit | 1cc4ad533dddb42ed4378193924c88ec8e24229c (patch) | |
| tree | f4227f9c8803b31325e0a4842bd533f155aae319 | |
| parent | cb34c93b888eda3f8d851398462dfe6152d33f77 (diff) | |
Defensively escape href and src attributes.
| -rw-r--r-- | cljssss-g.clj | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/cljssss-g.clj b/cljssss-g.clj index d232b53..a0c48c4 100644 --- a/cljssss-g.clj +++ b/cljssss-g.clj @@ -190,6 +190,12 @@ to merely being replaced with a div element)?" (defn escape-string [string] (str-utils/re-gsub #"\"" "\\\\\"" string)) +(defn escape-uri [string] + ;; Easy? Nope. + ;;(java.net.URLEncoder/encode string "UTF-8") + (str-utils/re-gsub #"=" "%3D" + (str-utils/re-gsub #"&" "%26" string))) + (defn print-xml [node] (if (string? node) (print (escape-xml node)) @@ -199,7 +205,9 @@ to merely being replaced with a div element)?" (when-not (= attr-name :shape) (printf " %s=\"%s\"" (name attr-name) - (escape-string attr)))) + (if (#{:href :src} attr-name) + (escape-string (escape-uri attr)) + (escape-string attr))))) (print ">") (doall (map print-xml content)) (printf "</%s>" (name tag))))) |