Merge of r4313:

Added escaping of double quotes in ngx_escape_html(). Patch by Zaur Abasmirzoev.
author: Maxim Dounin <mdounin@mdounin.ru> 2011-12-14 18:04:06 +0000
committer: Maxim Dounin <mdounin@mdounin.ru> 2011-12-14 18:04:06 +0000
commit: 10205366633be309af080130655520c40181e41f (patch)
tree: 05a97fd43410fae499f1c940fd3775ea5c28d49c
parent: e415ec3b9987bf1e5cf53f87d8463952ec8d9e61 (diff)
download: nginx-10205366633be309af080130655520c40181e41f.tar.gz
nginx-10205366633be309af080130655520c40181e41f.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index 29f8e0d67..f5e1d4bf3 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1657,6 +1657,10 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
                 len += sizeof("&amp;") - 2;
                 break;
 
+            case '"':
+                len += sizeof("&quot;") - 2;
+                break;
+
             default:
                 break;
             }
@@ -1684,6 +1688,11 @@ ngx_escape_html(u_char *dst, u_char *src, size_t size)
             *dst++ = ';';
             break;
 
+        case '"':
+            *dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o';
+            *dst++ = 't'; *dst++ = ';';
+            break;
+
         default:
             *dst++ = ch;
             break;
author	Maxim Dounin <mdounin@mdounin.ru>	2011-12-14 18:04:06 +0000
committer	Maxim Dounin <mdounin@mdounin.ru>	2011-12-14 18:04:06 +0000
commit	10205366633be309af080130655520c40181e41f (patch)
tree	05a97fd43410fae499f1c940fd3775ea5c28d49c
parent	e415ec3b9987bf1e5cf53f87d8463952ec8d9e61 (diff)
download	nginx-10205366633be309af080130655520c40181e41f.tar.gz nginx-10205366633be309af080130655520c40181e41f.tar.bz2