summary refs log tree commit diff
path: root/bin
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2021-01-19 21:27:23 -0500
committerJune McEnroe <june@causal.agency>2021-01-19 21:27:23 -0500
commita3ee3ce9314d95f939c9bd39dd8b83becd4c7fc5 (patch)
tree686c43b9b0e2590bc0fc80d52fdad83e2663ae3d /bin
parentDon't use a pager if reading standard input (diff)
downloadsrc-a3ee3ce9314d95f939c9bd39dd8b83becd4c7fc5.tar.gz
src-a3ee3ce9314d95f939c9bd39dd8b83becd4c7fc5.zip
Map tags to IDs using only [[:alnum:]-._]
Diffstat (limited to '')
-rw-r--r--bin/htagml.c17


1 files changed, 14 insertions, 3 deletions
diff --git a/bin/htagml.c b/bin/htagml.c
index f6971de4..8b7255ab 100644
--- a/bin/htagml.c
+++ b/bin/htagml.c
@@ -14,6 +14,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <ctype.h>
 #include <err.h>
 #include <regex.h>
 #include <stdbool.h>
@@ -51,6 +52,16 @@ static size_t escape(bool esc, const char *ptr, size_t len) {
 	return len;
 }
 
+static void id(const char *tag) {
+	for (const char *ch = tag; *ch; ++ch) {
+		if (isalnum(*ch) || strchr("-._", *ch)) {
+			putchar(*ch);
+		} else {
+			putchar('_');
+		}
+	}
+}
+
 static char *hstrstr(const char *haystack, const char *needle) {
 	while (haystack) {
 		char *elem = strchr(haystack, '<');
@@ -152,7 +163,7 @@ int main(int argc, char *argv[]) {
 		if (index) {
 			if (!tag) continue;
 			printf("<li><a class=\"tag\" href=\"#");
-			escape(true, tag->tag, strlen(tag->tag));
+			id(tag->tag);
 			printf("\">");
 			escape(true, tag->tag, strlen(tag->tag));
 			printf("</a></li>\n");
@@ -181,9 +192,9 @@ int main(int argc, char *argv[]) {
 		}
 		escape(!pipe, buf, match - buf);
 		printf("<a class=\"tag\" id=\"");
-		escape(true, tag->tag, strlen(tag->tag));
+		id(tag->tag);
 		printf("\" href=\"#");
-		escape(true, tag->tag, strlen(tag->tag));
+		id(tag->tag);
 		printf("\">");
 		match += escape(!pipe, match, mlen);
 		printf("</a>");

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-06-05 17:23:38 +0000


 


t upstream bans sprintf() with commit:

  banned.h: mark sprintf() as banned
  cc8fdaee1eeaf05d8dd55ff11f111b815f673c58

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11ui-log: ban strncpy()Christian Hesse

Git upstream bans strncpy() with commit:

  banned.h: mark strncpy() as banned
  e488b7aba743d23b830d239dcc33d9ca0745a9ad

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11ui-log: ban strcpy()Christian Hesse

Git upstream bans strcpy() with commit:

  automatically ban strcpy()
  c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11parsing: ban sprintf()Christian Hesse

Git upstream bans sprintf() with commit:

  banned.h: mark sprintf() as banned
  cc8fdaee1eeaf05d8dd55ff11f111b815f673c58

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-09-11parsing: ban strncpy()Christian Hesse

Git upstream bans strncpy() with commit:

  banned.h: mark strncpy() as banned
  e488b7aba743d23b830d239dcc33d9ca0745a9ad

Signed-off-by: Christian Hesse <mail@eworm.de>



2018-08-28filters: generate anchor links from markdownChristian Hesse

This makes the markdown filter generate anchor links for headings.

Signed-off-by: Christian Hesse <mail@eworm.de>
Tested-by: jean-christophe manciot <actionmystique@gmail.com>



2018-08-03Bump version.Jason A. Donenfeld

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>



2018-08-03clone: fix directory traversalJason A. Donenfeld

This was introduced in the initial version of this code, way back when
in 2008.

$ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd
root:x:0:0:root:/root:/bin/sh
...

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Jann Horn <jannh@google.com>



2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsev