Fix htmlEscape function from deadlocking

develop
Nimetu 3 years ago
parent df4833bf0f
commit 0b503e352b

@ -76,7 +76,7 @@ namespace NLGUI
void reindexChilds(); void reindexChilds();
// escape text tag or attribute value // escape text tag or attribute value
std::string htmlEscape(std::string val, bool isAttribute = false) const; std::string htmlEscape(const std::string &val) const;
// serialize element attributes as string // serialize element attributes as string
std::string serializeAttributes() const; std::string serializeAttributes() const;

@ -142,26 +142,29 @@ namespace NLGUI
} }
// *************************************************************************** // ***************************************************************************
std::string CHtmlElement::htmlEscape(std::string val, bool isAttribute) const std::string CHtmlElement::htmlEscape(const std::string &val) const
{ {
static const std::string searchReplace[] = { if (val.find_first_of("\"'&<>\xA0") == std::string::npos)
"&", "&amp;", return val;
"<", "&lt;",
">", "&gt;", std::string ret;
"\xA0", "&nbsp;", // resize is quaranteed, make room for some free replacements
}; ret.reserve(val.size() + 24);
for(size_t pos = 0; pos != val.size(); pos++)
for(uint i = 0; i < (sizeof(searchReplace) / sizeof(searchReplace[0])); i+=2)
val = strFindReplaceAll(val, searchReplace[i], searchReplace[i+1]);
if (isAttribute)
{ {
static const std::string q = "\""; switch(val[pos])
static const std::string quot = "&quot;"; {
val = strFindReplaceAll(val, q, quot); case '"': ret.append("&quot;"); break;
case '\'': ret.append("&apos;"); break;
case '&': ret.append("&amp;"); break;
case '<': ret.append("&lt;"); break;
case '>': ret.append("&gt;"); break;
case '\xA0': ret.append("&nbsp;"); break;
default : ret.append(&val[pos],1); break;
}
} }
return val; return ret;
} }
// *************************************************************************** // ***************************************************************************
@ -179,13 +182,13 @@ namespace NLGUI
{ {
result += " "; result += " ";
} }
result += htmlEscape(*it2, true); result += htmlEscape(*it2);
} }
result += "\""; result += "\"";
} }
else else
{ {
result += " " + it->first + "=\"" + htmlEscape(it->second, true) + "\""; result += " " + it->first + "=\"" + htmlEscape(it->second) + "\"";
} }
} }
return result; return result;

Loading…
Cancel
Save