author | Micael Karlberg <[email protected]> | 2011-03-10 15:45:06 +0100 |
committer | Micael Karlberg <[email protected]> | 2011-03-10 15:45:06 +0100 |
commit | d612652cc71da9660b101db70a9f163b66c4b53a (patch) | |
tree | 4facbe73ce6492549080d4366740c597481102cc /lib/inets/src/http_lib | |
parent | 8533b8bcae728783b1c066b9fecb96b1cc2eb03c (diff) | |
parent | 4827d5db5fb2ca10772f70fbb6ad7f7f99285d96 (diff) | |
Merge branch 'ms/inets-prevent_xss_in_error_pages' into bmk/inets/httpd/prevent_xss_in_error_pages/OTP-9124
Diffstat (limited to 'lib/inets/src/http_lib')
-rw-r--r-- | lib/inets/src/http_lib/http_util.erl | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/lib/inets/src/http_lib/http_util.erl b/lib/inets/src/http_lib/http_util.erl
index 4f1147176c..5e6b69ac5e 100644
--- a/lib/inets/src/http_lib/http_util.erl
+++ b/lib/inets/src/http_lib/http_util.erl
@@ -25,7 +25,8 @@ hexlist_to_integer/1, integer_to_hexlist/1, convert_month/1, is_hostname/1,
- timestamp/0, timeout/2
+ timestamp/0, timeout/2,
+ html_encode/1
 ]).
@@ -187,6 +188,13 @@ timeout(Timeout, Started) -> end.
+html_encode(Chars) ->
+ Reserved = sets:from_list([$&, $<, $>, $\", $', $/]),
+ lists:append(lists:map(fun(Char) ->
+ char_to_html_entity(Char, Reserved)
+ end, Chars)).
+
+
 %%%======================================================================== %%% Internal functions %%%========================================================================
@@ -235,3 +243,11 @@ convert_to_ascii([Num | Reversed], Number) convert_to_ascii([Num | Reversed], Number) when (Num > 9) andalso (Num < 16) -> convert_to_ascii(Reversed, [Num + 55 | Number]).
+
+char_to_html_entity(Char, Reserved) ->
+ case sets:is_element(Char, Reserved) of
+ true ->
+ "&#" ++ integer_to_list(Char) ++ ";";
+ false ->
+ [Char]
+ end. |
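Review bot: html_encode/1 fails open for non-flat input: char_to_html_entity/2 returns `[Char]` for anything that is not in the reserved set, so if a caller hands it nested chardata such as `["<script>"]` (httpd pages are commonly assembled as iolists) the inner list is not a set member, comes back wrapped, and lists:append/1 unwraps it unchanged — the fragment is emitted unescaped with no error. Either flatten first, `lists:append(lists:map(..., lists:flatten(Chars)))`, or make the pass-through branch `false when is_integer(Char) -> [Char]` so a non-character crashes instead of slipping through; the callers are outside this diffstat, so I cannot tell which shape they pass today. The new export also has no spec and no statement of the context it is meant for, which matters for an escaping routine. Propose `-spec html_encode(string()) -> string().` preceded by `%% Escape &, <, >, ", ' and / as numeric entities. Safe for HTML text and quoted attribute values; not sufficient inside script, style, URL or unquoted-attribute contexts.`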
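Review bot: char_to_html_entity/2 threads a six-element sets set through a `case` on sets:is_element/2 to make a per-character decision that Erlang expresses more directly as function clauses with a guard, `char_to_html_entity(C, _) when C =:= $&; C =:= $<; C =:= $>; C =:= $\"; C =:= $'; C =:= $/ -> "&#" ++ integer_to_list(C) ++ ";";` followed by `char_to_html_entity(C, _) -> [C].`, after which html_encode/1 no longer needs to build Reserved. The set is also rebuilt on every html_encode/1 call, a cost that disappears with clauses. This is a style point only; the produced entities are unchanged.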