Properly escape ampersands inside HTML attributes

Ampersands ("&") appearing inside HTML attributes need to be translated
to "&". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>

diff --git a/html.c b/html.c
index a0f6db4b04bdca2215d0425f9f85ed70933d08ce..24a03a52b4042130a4da207ddafcfc370525658d 100644 (file)
--- a/html.c
+++ b/html.c
@@ -138,7 +138,7 @@ void html_attr(const char *txt)
        const char *t = txt;
        while(t && *t){
                int c = *t;
-               if (c=='<' || c=='>' || c=='\'' || c=='\"') {
+               if (c=='<' || c=='>' || c=='\'' || c=='\"' || c=='&') {
                        html_raw(txt, t - txt);
                        if (c=='>')
                                html("&gt;");
@@ -148,6 +148,8 @@ void html_attr(const char *txt)
                                html("&#x27;");
                        else if (c=='"')
                                html("&quot;");
+                       else if (c=='&')
+                               html("&amp;");
                        txt = t+1;
                }
                t++;