[PATCH 3/8] Skip forbidden characters.

[zwinkau at kit.edu]

From: Sebastian Buchwald <Sebastian.Buchwald at kit.edu>

---
 html.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/html.c b/html.c
index 91047ad..6037eec 100644
--- a/html.c
+++ b/html.c
@@ -129,7 +129,8 @@ void html_txt(const char *txt)
 	const char *t = txt;
 	while (t && *t) {
 		int c = *t;
-		if (c == '<' || c == '>' || c == '&') {
+		if ((c < 0x20 && c != '\t' && c != '\n' && c != '\r')
+				|| (c == '<' || c == '>' || c == '&')) {
 			html_raw(txt, t - txt);
 			if (c == '>')
 				html(">");
@@ -150,7 +151,8 @@ void html_ntxt(int len, const char *txt)
 	const char *t = txt;
 	while (t && *t && len--) {
 		int c = *t;
-		if (c == '<' || c == '>' || c == '&') {
+		if ((c < 0x20 && c != '\t' && c != '\n' && c != '\r')
+				|| (c == '<' || c == '>' || c == '&')) {
 			html_raw(txt, t - txt);
 			if (c == '>')
 				html(">");
@@ -186,7 +188,8 @@ void html_attr(const char *txt)
 	const char *t = txt;
 	while (t && *t) {
 		int c = *t;
-		if (c == '<' || c == '>' || c == '\'' || c == '\"' || c == '&') {
+		if (c == '<' || c == '>' || c == '\'' || c == '\"' || c == '&'
+				|| (c < 0x20 && c != '\t' && c != '\n' && c != '\r')) {
 			html_raw(txt, t - txt);
 			if (c == '>')
 				html(">");
-- 
1.9.1