version 1.178, 2014/10/27 13:31:04 |
version 1.179, 2014/10/27 16:29:06 |
Line 437 print_encode(struct html *h, const char *p, int norecu |
|
Line 437 print_encode(struct html *h, const char *p, int norecu |
|
case ESCAPE_UNICODE: |
case ESCAPE_UNICODE: |
/* Skip past "u" header. */ |
/* Skip past "u" header. */ |
c = mchars_num2uc(seq + 1, len - 1); |
c = mchars_num2uc(seq + 1, len - 1); |
|
|
/* |
|
* XXX Security warning: |
|
* For now, forbid Unicode obfuscation of ASCII |
|
* characters. An audit of the callers is |
|
* required before this can be removed. |
|
*/ |
|
|
|
if (c < 0x80) |
|
c = 0xFFFD; |
|
|
|
printf("&#x%x;", c); |
|
break; |
break; |
case ESCAPE_NUMBERED: |
case ESCAPE_NUMBERED: |
c = mchars_num2char(seq, len); |
c = mchars_num2char(seq, len); |
if ( ! ('\0' == c || print_escape(c))) |
|
putchar(c); |
|
break; |
break; |
case ESCAPE_SPECIAL: |
case ESCAPE_SPECIAL: |
c = mchars_spec2cp(h->symtab, seq, len); |
c = mchars_spec2cp(h->symtab, seq, len); |
if (c <= 0) |
|
break; |
|
if (c < 0x20 || c > 0x7e) |
|
printf("&#%d;", c); |
|
else if ( ! print_escape(c)) |
|
putchar(c); |
|
break; |
break; |
case ESCAPE_NOSPACE: |
case ESCAPE_NOSPACE: |
if ('\0' == *p) |
if ('\0' == *p) |
nospace = 1; |
nospace = 1; |
break; |
continue; |
default: |
default: |
break; |
continue; |
} |
} |
|
if (c <= 0) |
|
continue; |
|
if (c < 0x20 || (c > 0x7E && c < 0xA0)) |
|
c = 0xFFFD; |
|
if (c > 0x7E) |
|
printf("&#%d;", c); |
|
else if ( ! print_escape(c)) |
|
putchar(c); |
} |
} |
|
|
return(nospace); |
return(nospace); |