aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLoïc Hoguin <[email protected]>2019-12-19 17:24:39 +0100
committerLoïc Hoguin <[email protected]>2019-12-19 17:24:39 +0100
commitec8564ba97a9ee8526a109f5799c77eed5b99f7b (patch)
tree347c24c59c4a2c4344c0d5cfdea91c6b33bbd8db /src
parentea6b482f82e016aeb171c3fa37734a97a182f63f (diff)
downloadcowlib-ec8564ba97a9ee8526a109f5799c77eed5b99f7b.tar.gz
cowlib-ec8564ba97a9ee8526a109f5799c77eed5b99f7b.tar.bz2
cowlib-ec8564ba97a9ee8526a109f5799c77eed5b99f7b.zip
Escape attribute values when building link headers
Diffstat (limited to 'src')
-rw-r--r--src/cow_link.erl16
1 files changed, 15 insertions, 1 deletions
diff --git a/src/cow_link.erl b/src/cow_link.erl
index 4cf24c2..3a9526c 100644
--- a/src/cow_link.erl
+++ b/src/cow_link.erl
@@ -363,10 +363,15 @@ do_link(#{target := TargetURI, rel := Rel, attributes := Params}) ->
[
$<, TargetURI, <<">"
"; rel=\"">>, Rel, $",
- [[<<"; ">>, Key, <<"=\"">>, Value, $"]
+ [[<<"; ">>, Key, <<"=\"">>, escape(Value, <<>>), $"]
|| {Key, Value} <- Params]
].
+escape(<<>>, Acc) -> Acc;
+escape(<<$\\,R/bits>>, Acc) -> escape(R, <<Acc/binary,$\\,$\\>>);
+escape(<<$\",R/bits>>, Acc) -> escape(R, <<Acc/binary,$\\,$\">>);
+escape(<<C,R/bits>>, Acc) -> escape(R, <<Acc/binary,C>>).
+
-ifdef(TEST).
link_test_() ->
Tests = [
@@ -420,6 +425,15 @@ link_test_() ->
rel => <<"index">>,
attributes => []
}
+ ]},
+ {<<"</>; rel=\"previous\"; quoted=\"name=\\\"value\\\"\"">>, [
+ #{
+ target => <<"/">>,
+ rel => <<"previous">>,
+ attributes => [
+ {<<"quoted">>, <<"name=\"value\"">>}
+ ]
+ }
]}
],
[{iolist_to_binary(io_lib:format("~0p", [V])),
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 18:29:47 +0000