You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
121 lines
4.4 KiB
Rust
121 lines
4.4 KiB
Rust
// Copyright 2015 Google Inc. All rights reserved.
|
|
//
|
|
// Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
// of this software and associated documentation files (the "Software"), to deal
|
|
// in the Software without restriction, including without limitation the rights
|
|
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
// copies of the Software, and to permit persons to whom the Software is
|
|
// furnished to do so, subject to the following conditions:
|
|
//
|
|
// The above copyright notice and this permission notice shall be included in
|
|
// all copies or substantial portions of the Software.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
// THE SOFTWARE.
|
|
|
|
//! Utility functions for HTML escaping
|
|
|
|
use std::str::from_utf8;
|
|
|
|
static HREF_SAFE: [u8; 128] = [
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1,
|
|
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1,
|
|
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
|
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1,
|
|
0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
|
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
|
|
];
|
|
|
|
static HEX_CHARS: &'static [u8] = b"0123456789ABCDEF";
|
|
|
|
pub fn escape_href(ob: &mut String, s: &str) {
|
|
let mut mark = 0;
|
|
for i in 0..s.len() {
|
|
let c = s.as_bytes()[i];
|
|
if c >= 0x80 || HREF_SAFE[c as usize] == 0 {
|
|
// character needing escape
|
|
|
|
// write partial substring up to mark
|
|
if mark < i {
|
|
ob.push_str(&s[mark..i]);
|
|
}
|
|
match c {
|
|
b'&' => {
|
|
ob.push_str("&");
|
|
},
|
|
b'\'' => {
|
|
ob.push_str("'");
|
|
},
|
|
_ => {
|
|
let mut buf = [0u8; 3];
|
|
buf[0] = b'%';
|
|
buf[1] = HEX_CHARS[((c as usize) >> 4) & 0xF];
|
|
buf[2] = HEX_CHARS[(c as usize) & 0xF];
|
|
ob.push_str(from_utf8(&buf).unwrap());
|
|
}
|
|
}
|
|
mark = i + 1; // all escaped characters are ASCII
|
|
}
|
|
}
|
|
ob.push_str(&s[mark..]);
|
|
}
|
|
|
|
static HTML_ESCAPE_TABLE: [u8; 256] = [
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 3,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 5, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
];
|
|
|
|
static HTML_ESCAPES: [&'static str; 6] = [
|
|
"",
|
|
""",
|
|
"&",
|
|
"/",
|
|
"<",
|
|
">"
|
|
];
|
|
|
|
pub fn escape_html(ob: &mut String, s: &str, secure: bool) {
|
|
let size = s.len();
|
|
let bytes = s.as_bytes();
|
|
let mut mark = 0;
|
|
let mut i = 0;
|
|
while i < size {
|
|
match bytes[i..].iter().position(|&c| HTML_ESCAPE_TABLE[c as usize] != 0) {
|
|
Some(pos) => {
|
|
i += pos;
|
|
}
|
|
None => break
|
|
}
|
|
let c = bytes[i];
|
|
let escape = HTML_ESCAPE_TABLE[c as usize];
|
|
if escape != 0 && (secure || c != b'/') {
|
|
ob.push_str(&s[mark..i]);
|
|
ob.push_str(HTML_ESCAPES[escape as usize]);
|
|
mark = i + 1; // all escaped characters are ASCII
|
|
}
|
|
i += 1;
|
|
}
|
|
ob.push_str(&s[mark..]);
|
|
}
|