Commit
(parser) properly escape ' and " in HTML output (#2564)
* escape quotes also in final HTML output
* [style] update test coding style
* update markup tests with new escaping

This shouldn't be a security issue -- we've always escaped double quotes inside of HTML attribute values (where they could be used to break out of context) - and we've always used double quotes for enclosing attribute values. This just goes all the way and now properly escapes quotes everywhere. Better safe than sorry.
1 parent
a6f0a34
commit 3e9c1b1
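The reasoning in the commit message, as an added example that is not highlight.js code: it compares escaping only `&`, `<`, `>` with also escaping both quote characters, for the case where escaped text is later placed inside a quoted attribute value. All function names, and the choice of `&#x27;` for the single quote, are assumptions; the input is the shell line from the bash fixture in this commit.

```javascript
// Added example, not highlight.js source. All names here are hypothetical.
const TEXT_ONLY = { '&': '&amp;', '<': '&lt;', '>': '&gt;' };
// Assumption: &#x27; as the entity for the single quote.
const WITH_QUOTES = { ...TEXT_ONLY, '"': '&quot;', "'": '&#x27;' };

// Single-pass replacement, so an "&" produced by one substitution is never escaped again.
function escapeWith(map, value) {
  const pattern = new RegExp('[' + Object.keys(map).join('') + ']', 'g');
  return value.replace(pattern, (ch) => map[ch]);
}

const escapeText = (value) => escapeWith(TEXT_ONLY, value);   // quotes left raw
const escapeAll = (value) => escapeWith(WITH_QUOTES, value);  // quotes escaped everywhere

// An attribute value delimited by `quote` ends at the first raw `quote` inside it.
// Returns the part of `escaped` that would fall outside the attribute ('' if none).
function spillsOutOfAttribute(escaped, quote) {
  const end = escaped.indexOf(quote);
  return end === -1 ? '' : escaped.slice(end + 1);
}

// Constructed input: the shell line from the bash fixture in this commit.
const sample = `echo '"quoted"' | tr -d \\" > text.txt`;

// Runs both escapers over the same value and records what each would leak
// from a double-quoted and from a single-quoted attribute.
function compare(value) {
  const rows = {};
  for (const [name, escape] of [['textOnly', escapeText], ['all', escapeAll]]) {
    const out = escape(value);
    rows[name] = {
      out,
      afterDoubleQuoted: spillsOutOfAttribute(out, '"'),
      afterSingleQuoted: spillsOutOfAttribute(out, "'"),
    };
  }
  return rows;
}

console.log(compare(sample));
```

With quotes escaped everywhere, the output is safe in either attribute quoting style as well as in element content, which is the "goes all the way" case the message describes.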
Showing 156 changed files with 650 additions and 634 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
<span class="hljs-number">20.164.151.111</span> - - <span class="hljs-string">[20/Aug/2015:22:20:18 -0400]</span> <span class="hljs-string">"<span class="hljs-keyword">GET</span> /mywebpage/index.php HTTP/1.1"</span> <span class="hljs-number">403</span> <span class="hljs-number">772</span> <span class="hljs-string">"-"</span> <span class="hljs-string">"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"</span> | ||
<span class="hljs-number">127.0.0.1</span> user-identifier frank <span class="hljs-string">[10/Oct/2000:13:55:36 -0700]</span> <span class="hljs-string">"<span class="hljs-keyword">GET</span> /apache_pb.gif HTTP/1.0"</span> <span class="hljs-number">200</span> <span class="hljs-number">2326</span> | ||
<span class="hljs-number">192.168.2.20</span> - - <span class="hljs-string">[28/Jul/2006:10:27:10 -0300]</span> <span class="hljs-string">"<span class="hljs-keyword">GET</span> /cgi-bin/try/ HTTP/1.0"</span> <span class="hljs-number">200</span> <span class="hljs-number">3395</span> | ||
<span class="hljs-number">127.0.0.90</span> - - <span class="hljs-string">[13/Sep/2006:07:00:53 -0700]</span> <span class="hljs-string">"PROPFIND /svn/some_url/Extranet/branches/SOW-101 HTTP/1.1"</span> <span class="hljs-number">401</span> <span class="hljs-number">587</span> | ||
<span class="hljs-number">66.249.78.17</span> – – <span class="hljs-string">[13/Jul/2015:07:18:58 -0400]</span> <span class="hljs-string">"<span class="hljs-keyword">GET</span> /robots.txt HTTP/1.1"</span> <span class="hljs-number">200</span> <span class="hljs-number">0</span> <span class="hljs-string">"-"</span> <span class="hljs-string">"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"</span> | ||
<span class="hljs-number">20.164.151.111</span> - - <span class="hljs-string">[20/Aug/2015:22:20:18 -0400]</span> <span class="hljs-string">"<span class="hljs-keyword">GET</span> /mywebpage/index.php HTTP/1.1"</span> <span class="hljs-number">403</span> <span class="hljs-number">772</span> <span class="hljs-string">"-"</span> <span class="hljs-string">"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"</span> | ||
<span class="hljs-number">127.0.0.1</span> user-identifier frank <span class="hljs-string">[10/Oct/2000:13:55:36 -0700]</span> <span class="hljs-string">"<span class="hljs-keyword">GET</span> /apache_pb.gif HTTP/1.0"</span> <span class="hljs-number">200</span> <span class="hljs-number">2326</span> | ||
<span class="hljs-number">192.168.2.20</span> - - <span class="hljs-string">[28/Jul/2006:10:27:10 -0300]</span> <span class="hljs-string">"<span class="hljs-keyword">GET</span> /cgi-bin/try/ HTTP/1.0"</span> <span class="hljs-number">200</span> <span class="hljs-number">3395</span> | ||
<span class="hljs-number">127.0.0.90</span> - - <span class="hljs-string">[13/Sep/2006:07:00:53 -0700]</span> <span class="hljs-string">"PROPFIND /svn/some_url/Extranet/branches/SOW-101 HTTP/1.1"</span> <span class="hljs-number">401</span> <span class="hljs-number">587</span> | ||
<span class="hljs-number">66.249.78.17</span> – – <span class="hljs-string">[13/Jul/2015:07:18:58 -0400]</span> <span class="hljs-string">"<span class="hljs-keyword">GET</span> /robots.txt HTTP/1.1"</span> <span class="hljs-number">200</span> <span class="hljs-number">0</span> <span class="hljs-string">"-"</span> <span class="hljs-string">"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"</span> |
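Review bot: On the 66.249.78.17 line the two identity fields are en dashes (– –) where the other entries in this fixture use ASCII hyphens (- -), and the change carries that over from the removed line to the added one. If the fixture is meant to represent the access-log format, normalise them to `- -` in the source file and regenerate the expected markup; otherwise that line exercises something different from the other four. Also note that the five removed and five added lines are identical as rendered here, so the quote escaping inside the hljs-string spans has to be verified against the raw file.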
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
<span class="hljs-comment"># Escaped double-quote is not a string</span> | ||
<span class="hljs-built_in">echo</span> <span class="hljs-string">'"quoted"'</span> | tr -d \" > text.txt | ||
<span class="hljs-built_in">echo</span> <span class="hljs-string">'"quoted"'</span> | tr -d \" > text.txt |
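Review bot: The `\"` after `tr -d` on the echo line sits outside any hljs span, so it is the one quote in this fixture that reaches the output as plain text rather than inside a highlighted string, and the expected file should show it escaped just like the quotes inside `'"quoted"'`. The removed and added echo lines render identically in this view, so confirm in the raw file that both quote characters in the string span and the bare `\"` are entity-encoded.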
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
<span class="hljs-comment"># numbers aren't highlighted in bash as their semantics is</span> | ||
<span class="hljs-comment"># numbers aren't highlighted in bash as their semantics is</span> | ||
<span class="hljs-comment"># not strictly defined for command line parameters</span> | ||
$ tail -10 access.log |
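Review bot: The only character this hunk can affect is the apostrophe in `aren't` on the first comment line, which makes this fixture the case of a single quote inside a comment span; the two following context lines contain no quotes. Since the removed and added lines read the same once rendered, the difference is easy to miss in review, so check the raw expected file to confirm the apostrophe is escaped with the same entity used in the other fixtures.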
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
SCRIPT_DIR=<span class="hljs-string">"<span class="hljs-subst">$( cd <span class="hljs-string">"<span class="hljs-subst">$( dirname <span class="hljs-string">"<span class="hljs-variable">${BASH_SOURCE[0]}</span>"</span> )</span>"</span> >/dev/null 2>&1 && pwd )</span>"</span> | ||
TLS_DIR=<span class="hljs-string">"<span class="hljs-variable">$SCRIPT_DIR</span>/../src/main/resources/tls"</span> | ||
ROOT_DIR=<span class="hljs-string">"<span class="hljs-variable">$SCRIPT_DIR</span>/.."</span> | ||
SCRIPT_DIR=<span class="hljs-string">"<span class="hljs-subst">$( cd <span class="hljs-string">"<span class="hljs-subst">$( dirname <span class="hljs-string">"<span class="hljs-variable">${BASH_SOURCE[0]}</span>"</span> )</span>"</span> >/dev/null 2>&1 && pwd )</span>"</span> | ||
TLS_DIR=<span class="hljs-string">"<span class="hljs-variable">$SCRIPT_DIR</span>/../src/main/resources/tls"</span> | ||
ROOT_DIR=<span class="hljs-string">"<span class="hljs-variable">$SCRIPT_DIR</span>/.."</span> |
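Review bot: The SCRIPT_DIR line nests double quotes three levels deep through hljs-string and hljs-subst spans and also carries `>/dev/null 2>&1 && pwd`, so the expected markup on that one line mixes quote, `>` and `&` escaping. All three lines are replaced and look unchanged as rendered, so check the raw file to see that every `"` at each nesting level is escaped and that the `&` characters are not escaped twice.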