html.c: use correct escaping in html attributes

First, an apostrophe is not a quote. Second, we also need to escape quotes. And finally, quotes are encoded as '"', not '&quote;'. Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
16 years ago · 7efcef00b5
parent ba75f6613e
commit 7efcef00b5
1 changed files with 4 additions and 2 deletions
--- a/html.c
+++ b/html.c
@ -112,14 +112,16 @@ void html_attr(char *txt)
 	char *t = txt;
 	while(t && *t){
 		int c = *t;
-		if (c=='<' || c=='>' || c=='\'') {
+		if (c=='<' || c=='>' || c=='\'' || c=='\"') {
 			write(htmlfd, txt, t - txt);
 			if (c=='>')
 				html("&gt;");
 			else if (c=='<')
 				html("&lt;");
 			else if (c=='\'')
-				html("&quote;");
+				html("&#x27;");
+			else if (c=='"')
+				html("&quot;");
 			txt = t+1;
 		}
 		t++;