Added escaping of double quotes in ngx_escape_html().

Patch by Zaur Abasmirzoev.
author: Maxim Dounin <mdounin@mdounin.ru> 2011-11-25 16:36:02 +0000
committer: Maxim Dounin <mdounin@mdounin.ru> 2011-11-25 16:36:02 +0000
commit: 1b9b19d7e2a2fcd3d2b773b64f198cec354f384c (patch)
tree: a5c557ca5c935a4afd31fa46430976d9334b51d6 /src/core/ngx_string.c
parent: 13717da19e52fb0b43b25ebfdb9bab1bc0a71ce4 (diff)
download: nginx-1b9b19d7e2a2fcd3d2b773b64f198cec354f384c.tar.gz
nginx-1b9b19d7e2a2fcd3d2b773b64f198cec354f384c.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index 29f8e0d67..f5e1d4bf3 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1657,6 +1657,10 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
                 len += sizeof("&amp;") - 2;
                 break;
 
+            case '"':
+                len += sizeof("&quot;") - 2;
+                break;
+
             default:
                 break;
             }
@@ -1684,6 +1688,11 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
             *dst++ = ';';
             break;
 
+        case '"':
+            *dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o';
+            *dst++ = 't'; *dst++ = ';';
+            break;
+
         default:
             *dst++ = ch;
             break;
author	Maxim Dounin <mdounin@mdounin.ru>	2011-11-25 16:36:02 +0000
committer	Maxim Dounin <mdounin@mdounin.ru>	2011-11-25 16:36:02 +0000
commit	1b9b19d7e2a2fcd3d2b773b64f198cec354f384c (patch)
tree	a5c557ca5c935a4afd31fa46430976d9334b51d6 /src/core/ngx_string.c
parent	13717da19e52fb0b43b25ebfdb9bab1bc0a71ce4 (diff)
download	nginx-1b9b19d7e2a2fcd3d2b773b64f198cec354f384c.tar.gz nginx-1b9b19d7e2a2fcd3d2b773b64f198cec354f384c.zip