ngx_escape_html()

2 files changed, 63 insertions, 0 deletions

diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index 68b2d61f0..6b40d0f91 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1299,6 +1299,67 @@ done:
 }
 
 
+uintptr_t
+ngx_escape_html(u_char *dst, u_char *src, size_t size)
+{
+    u_char      ch;
+    ngx_uint_t  i, len;
+
+    if (dst == NULL) {
+
+        len = 0;
+
+        for (i = 0; i < size; i++) {
+            switch (*src++) {
+
+            case '<':
+                len += sizeof("&lt;") - 2;
+                break; 
+
+            case '>':
+                len += sizeof("&gt;") - 2;
+                break; 
+
+            case '&':
+                len += sizeof("&amp;") - 2;
+                break; 
+
+            default:
+                break;
+            }
+        }
+
+        return (uintptr_t) len;
+    }
+
+    for (i = 0; i < size; i++) {
+        ch = *src++;
+
+        switch (ch) {
+
+        case '<':
+            *dst++ = '&'; *dst++ = 'l'; *dst++ = 't'; *dst++ = ';';
+            break;
+
+        case '>':
+            *dst++ = '&'; *dst++ = 'g'; *dst++ = 't'; *dst++ = ';';
+            break;
+
+        case '&':
+            *dst++ = '&'; *dst++ = 'a'; *dst++ = 'm'; *dst++ = 'p';
+            *dst++ = ';';
+            break;
+
+        default:
+            *dst++ = ch;
+            break;
+        }
+    }
+
+    return (uintptr_t) dst;
+}
+
+
 /* ngx_sort() is implemented as insertion sort because we need stable sort */
 
 void
diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h
index a1da15f6b..e17fc13fb 100644
--- a/src/core/ngx_string.h
+++ b/src/core/ngx_string.h
@@ -165,6 +165,8 @@ u_char *ngx_utf_cpystrn(u_char *dst, u_char *src, size_t n);
 uintptr_t ngx_escape_uri(u_char *dst, u_char *src, size_t size,
     ngx_uint_t type);
 void ngx_unescape_uri(u_char **dst, u_char **src, size_t size, ngx_uint_t type);
+uintptr_t ngx_escape_html(u_char *dst, u_char *src, size_t size);
+
 
 
 void ngx_sort(void *base, size_t n, size_t size,