# HG changeset patch
# User Olaf Wintermann <olaf.wintermann@gmail.com>
# Date 1652122604 -7200
# Node ID 7bf652914e9b442713e119a5b0a7131c54fd8352
# Parent bdd31584141f7b3670fb29a544c67416658ddbdd
xml escape href value in propfind response
diff -r bdd31584141f -r 7bf652914e9b src/server/webdav/multistatus.c
--- a/src/server/webdav/multistatus.c Mon May 09 20:06:27 2022 +0200
+++ b/src/server/webdav/multistatus.c Mon May 09 20:56:44 2022 +0200
@@ -92,6 +92,56 @@
writer_putc(out, '\"');
}
+static void send_string_escaped(Writer *out, sstr_t str) {
+ char *begin = str.ptr;
+ char *end = begin;
+ char *escape = NULL;
+ int esclen;
+ for(size_t i=0;i<str.length;i++) {
+ char c = str.ptr[i];
+ end = str.ptr + i;
+ switch(c) {
+ case '"': {
+ escape = """;
+ esclen = 6;
+ break;
+ }
+ case '&': {
+ escape = "&";
+ esclen = 5;
+ break;
+ }
+ case '\'': {
+ escape = "'";
+ esclen = 6;
+ break;
+ }
+ case '<': {
+ escape = "<";
+ esclen = 4;
+ break;
+ }
+ case '>': {
+ escape = ">";
+ esclen = 4;
+ break;
+ }
+ default: continue;
+ }
+ ptrdiff_t len = end - begin;
+ if(len > 0) {
+ writer_put(out, begin, len);
+ begin = end + 1;
+ }
+ writer_put(out, escape, esclen);
+ }
+ ptrdiff_t len = end - begin;
+ if(len > 0) {
+ writer_put(out, begin, len + 1);
+ begin = end + 1;
+ }
+}
+
static int send_property(
Multistatus *ms,
WebdavProperty *property,
@@ -184,7 +234,8 @@
static int send_response_tag(Multistatus *ms, MSResponse *rp, Writer *out) {
writer_puts(out, S(" <D:response>\n"
" <D:href>"));
- writer_puts(out, sstr(rp->resource.href));
+ //writer_puts(out, sstr(rp->resource.href));
+ send_string_escaped(out, sstr(rp->resource.href));
writer_puts(out, S("</D:href>\n"));
WSBool writeContent = ms->proppatch ? FALSE : TRUE;