a5e08f7bcc
I installed the rails_xss plugin, for the main purpose of seeing what will break with Rails 3.0 (where the behaviour of the plugin is the default). I think I've fixed everything, but let me know if you see stuff that is HTML-escaped, which shouldn't be. As a side benefit, we now use Erubis, rather than ERB, to render templates. They tell me it's faster ...
43 lines
802 B
Plaintext
43 lines
802 B
Plaintext
<?c
|
|
#include <stdio.h>
|
|
|
|
void escape(char *str, FILE *out);
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
int i;
|
|
|
|
?>
|
|
<p>Hello @!{argv[0]}@!</p>
|
|
<table>
|
|
<tbody>
|
|
<?c for (i = 1; i < argc; i++) { ?>
|
|
<tr bgcolor="@{i % 2 == 0 ? "#FFCCCC" : "#CCCCFF"}@">
|
|
<td>@!{"%d", i}@</td>
|
|
<td>@{argv[i]}@</td>
|
|
</tr>
|
|
<?c } ?>
|
|
</tbody>
|
|
</table>
|
|
<?c
|
|
|
|
return 0;
|
|
}
|
|
|
|
void escape(char *str, FILE *out)
|
|
{
|
|
char *pch;
|
|
for (pch = str; *pch != '\0'; pch++) {
|
|
switch (*pch) {
|
|
case '&': fputs("&", out); break;
|
|
case '>': fputs(">", out); break;
|
|
case '<': fputs("<", out); break;
|
|
case '"': fputs(""", out); break;
|
|
case '\'': fputs("'", out); break;
|
|
default: fputc(*pch, out);
|
|
}
|
|
}
|
|
}
|
|
|
|
?>
|