w3m

Unnamed repository; edit this file to name it for gitweb.
git clone https://logand.com/git/w3m.git/
Log | Files | Refs | README
commit 9575fc812c983ac82179b7478a91e5982be1baed
parent 97076d0cdadce963be63a40c2107012155627b83
Author: ukai <ukai>
Date:   Tue, 26 Nov 2002 16:58:48 +0000

w3m 0.3.2.1 security fix
* frame.c (createFrameFile): html_quote()
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>

Diffstat:

MChangeLog | 5+++++


Mframe.c | 16+++++++++-------


2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
@@ -1,5 +1,10 @@
 2002-11-27  Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
 
+	* w3m 0.3.2.1 security fix
+	* frame.c (createFrameFile): html_quote()
+
+2002-11-27  Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
+
 	* [w3m-dev 03486] fix of displayLineInfo
 	* display.c (displayBuffer): don't divide by 0
 
diff --git a/frame.c b/frame.c
@@ -519,14 +519,15 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level,
 		    frame.body->attr = F_UNLOADED;
 		    if (frame.body->flags & FB_NO_BUFFER)
 			fprintf(f1, "Open %s with other method",
-				frame.body->url);
+				html_quote(frame.body->url));
 		    else if (frame.body->url)
-			fprintf(f1, "Can't open %s", frame.body->url);
+			fprintf(f1, "Can't open %s",
+				html_quote(frame.body->url));
 		    else
 			fprintf(f1,
 				"This frame (%s) contains no src attribute",
-				frame.body->name ? frame.body->
-				name : "(no name)");
+				frame.body->name ? html_quote(frame.body->name)
+				: "(no name)");
 		    break;
 		}
 		parseURL2(frame.body->url, &base, currentURL);
@@ -620,7 +621,7 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level,
 			    /* prohibit_tags */
 			    Strshrinkfirst(tok, 1);
 			    Strshrink(tok, 1);
-			    fprintf(f1, "<!-- %s -->", tok->ptr);
+			    fprintf(f1, "<!-- %s -->", html_quote(tok->ptr));
 			    goto token_end;
 			case HTML_TABLE:
 			    t_stack++;
@@ -633,7 +634,7 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level,
 				Strshrink(tok, 1);
 				fprintf(f1,
 					"<!-- table stack underflow: %s -->",
-					tok->ptr);
+					html_quote(tok->ptr));
 				goto token_end;
 			    }
 			    break;
@@ -653,7 +654,8 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level,
 			    if (!t_stack) {
 				Strshrinkfirst(tok, 1);
 				Strshrink(tok, 1);
-				fprintf(f1, "<!-- %s -->", tok->ptr);
+				fprintf(f1, "<!-- %s -->",
+					html_quote(tok->ptr));
 				goto token_end;
 
 			    }