authorMatthias Andreas Benkard <code@mail.matthias.benkard.de>2009-03-01 17:36:27 +0100
committerMatthias Andreas Benkard <code@mail.matthias.benkard.de>2009-03-01 17:36:27 +0100
commit1cc4ad533dddb42ed4378193924c88ec8e24229c (patch)
treef4227f9c8803b31325e0a4842bd533f155aae319
parentcb34c93b888eda3f8d851398462dfe6152d33f77 (diff)
Defensively escape href and src attributes.
-rw-r--r--cljssss-g.clj10
1 files changed, 9 insertions, 1 deletions
diff --git a/cljssss-g.clj b/cljssss-g.clj
index d232b53..a0c48c4 100644
--- a/cljssss-g.clj
+++ b/cljssss-g.clj
@@ -190,6 +190,12 @@ to merely being replaced with a div element)?"
(defn escape-string [string]
(str-utils/re-gsub #"\"" "\\\\\"" string))
+(defn escape-uri [string]
+ ;; Easy? Nope.
+ ;;(java.net.URLEncoder/encode string "UTF-8")
+ (str-utils/re-gsub #"=" "%3D"
+ (str-utils/re-gsub #"&" "%26" string)))
+
(defn print-xml [node]
(if (string? node)
(print (escape-xml node))
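Review bot: `escape-uri` percent-encodes only `&` and `=`, so it puts no constraint on the URI scheme and also rewrites the separators of ordinary query strings (`?a=1&b=2` comes out as `?a%3D1%26b%3D2`), which changes what the link points to. If these href and src values come from untrusted markup, which the surrounding sanitising code suggests, the missing check is an allow-list on the scheme before printing, for example accepting only values that match `#"(?i)^https?:"` and dropping the attribute otherwise. An `&` inside an attribute value is normally written as `&amp;` rather than percent-encoded, which keeps the query string intact. The commented-out `URLEncoder/encode` call encodes form fields rather than whole URIs, so it would also encode `:` and `/`; a comment such as `;; URLEncoder is for form values, not whole URIs` would explain "Nope" to the next reader.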
@@ -199,7 +205,9 @@ to merely being replaced with a div element)?"
(when-not (= attr-name :shape)
(printf " %s=\"%s\""
(name attr-name)
- (escape-string attr))))
+ (if (#{:href :src} attr-name)
+ (escape-string (escape-uri attr))
+ (escape-string attr)))))
(print ">")
(doall (map print-xml content))
(printf "</%s>" (name tag)))))
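Review bot: Both branches of the new `if` still end in `escape-string`, which turns `"` into `\"`; XML and HTML parsers do not treat a backslash as an escape, so a double quote in `attr` still closes the attribute value that the `printf` format opens. The attribute path needs entity escaping instead, e.g. `(str-utils/re-gsub #"\"" "&quot;" string)` in `escape-string`, with `&` turned into `&amp;` first so the output stays well-formed. `escape-xml` is already used for text nodes earlier in `print-xml`; whether it also covers quotes is not visible here, so confirm before reusing it. The body of `print-xml` begins in the previous hunk and the lines between the two hunks are not shown.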