From mboxrd@z Thu Jan  1 00:00:00 1970
From: zwinkau at kit.edu (zwinkau at kit.edu)
Date: Tue,  1 Jul 2014 09:40:28 +0200
Subject: [PATCH 3/8] Skip forbidden characters.
In-Reply-To: <1404200433-30081-1-git-send-email-zwinkau@kit.edu>
References: <1404200433-30081-1-git-send-email-zwinkau@kit.edu>
Message-ID: <1404200433-30081-3-git-send-email-zwinkau@kit.edu>

From: Sebastian Buchwald <Sebastian.Buchwald at kit.edu>

---
 html.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/html.c b/html.c
index 91047ad..6037eec 100644
--- a/html.c
+++ b/html.c
@@ -129,7 +129,8 @@ void html_txt(const char *txt)
 	const char *t = txt;
 	while (t && *t) {
 		int c = *t;
-		if (c == '<' || c == '>' || c == '&') {
+		if ((c < 0x20 && c != '\t' && c != '\n' && c != '\r')
+				|| (c == '<' || c == '>' || c == '&')) {
 			html_raw(txt, t - txt);
 			if (c == '>')
 				html("&gt;");
@@ -150,7 +151,8 @@ void html_ntxt(int len, const char *txt)
 	const char *t = txt;
 	while (t && *t && len--) {
 		int c = *t;
-		if (c == '<' || c == '>' || c == '&') {
+		if ((c < 0x20 && c != '\t' && c != '\n' && c != '\r')
+				|| (c == '<' || c == '>' || c == '&')) {
 			html_raw(txt, t - txt);
 			if (c == '>')
 				html("&gt;");
@@ -186,7 +188,8 @@ void html_attr(const char *txt)
 	const char *t = txt;
 	while (t && *t) {
 		int c = *t;
-		if (c == '<' || c == '>' || c == '\'' || c == '\"' || c == '&') {
+		if (c == '<' || c == '>' || c == '\'' || c == '\"' || c == '&'
+				|| (c < 0x20 && c != '\t' && c != '\n' && c != '\r')) {
 			html_raw(txt, t - txt);
 			if (c == '>')
 				html("&gt;");
-- 
1.9.1