https://issues.shibboleth.net/jira/browse/SSPCPP-185
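--- a/xmltooling/util/TemplateEngine.cpp
+++ b/xmltooling/util/TemplateEngine.cpp
@@ -1,6 +1,6 @@
 /*
- * Copyright 2001-2007 Internet2
- *
+ * Copyright 2001-2009 Internet2
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
@@ -16,8 +16,8 @@
 /**
 * TemplateEngine.cpp
- *
- * Simple template replacement engine.
+ *
+ * Simple template replacement engine.
 */
 #include "internal.h"
@@ -35,6 +35,8 @@ void TemplateEngine::setTagPrefix(const char* tagPrefix)
 ifnotendtag = string("</") + tagPrefix + "ifnot>";
 }
+string TemplateEngine::unsafe_chars = "#%&():[]\\`{}";
+
 void TemplateEngine::html_encode(ostream& os, const char* start) const
 {
 while (start && *start) {
@@ -42,10 +44,18 @@ void TemplateEngine::html_encode(ostream& os, const char* start) const
 case '<': os << "<"; break;
 case '>': os << ">"; break;
 case '"': os << """; break;
- case '#': os << "#"; break;
- case '%': os << "%"; break;
 case '&': os << "&"; break;
 case '\'': os << "'"; break;
+
+ default:
+ if (unsafe_chars.find_first_of(*start) != string::npos)
+ os << "&#" << static_cast<short>(*start) << ';';
+ else
+ os << *start;
+
+ /*
+ case '#': os << "#"; break;
+ case '%': os << "%"; break;
 case '(': os << "("; break;
 case ')': os << ")"; break;
 case ':': os << ":"; break;
@@ -56,6 +66,7 @@ void TemplateEngine::html_encode(ostream& os, const char* start) const
 case '{': os << "{"; break;
 case '}': os << "}"; break;
 default: os << *start;
+ */
 }
 start++;
 }
@@ -91,7 +102,7 @@ void TemplateEngine::process(
 // Output the string up to this token.
 if (visible)
 os << buf.substr(lastpos-line, thispos-lastpos);
-
+
 // Make sure this token matches our tokens.
 #ifdef HAVE_STRCASECMP
 if (visible && !strncasecmp(thispos, keytag.c_str(), keytag.length()))
@@ -101,12 +112,12 @@ void TemplateEngine::process(
 {
 // Save this position off.
 lastpos = thispos + keytag.length();
-
+
 // search for the end-tag
 if ((thispos = strstr(lastpos, "/>")) != NULL) {
 string key = buf.substr(lastpos-line, thispos-lastpos);
 trimspace(key);
-
+
 const char* p = parameters.getParameter(key.c_str());
 if (!p && e)
 p = e->getProperty(key.c_str());
@@ -123,7 +134,7 @@ void TemplateEngine::process(
 {
 // Save this position off.
 lastpos = thispos + iftag.length();
-
+
 // search for the end of this tag
 if ((thispos = strchr(lastpos, '>')) != NULL) {
 string key = buf.substr(lastpos-line, thispos-lastpos);
@@ -153,7 +164,7 @@ void TemplateEngine::process(
 {
 // Save this position off.
 lastpos = thispos + ifnottag.length();
-
+
 // search for the end of this tag
 if ((thispos = strchr(lastpos, '>')) != NULL) {
 string key = buf.substr(lastpos-line, thispos-lastpos);
@@ -191,7 +202,7 @@ void TemplateEngine::run(istream& is, ostream& os, const TemplateParameters& par
 string buf,line;
 while (getline(is, line))
 buf += line + '\n';
-
+
 const char* pos=buf.c_str();
 process(true, buf, pos, os, parameters, e);
 }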
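Review bot: In the new `default:` branch of html_encode, `static_cast<short>(*start)` converts a plain `char`, which is signed on many platforms, so a byte at or above 0x80 placed in `unsafe_chars` would be written as a negative reference (for example `&#-61;`) rather than a valid one; converting through unsigned char first avoids that: `os << "&#" << static_cast<unsigned short>(static_cast<unsigned char>(*start)) << ';';`. The number is also formatted in whatever base the caller's stream currently has set, so the reference is only correct while `os` is in decimal mode. `unsafe_chars` is a mutable static with no comment saying who may change it or that `<`, `>`, `"`, `&` and `'` stay hard-coded in the switch; a line such as `// Extra characters written as numeric references; the five HTML metacharacters are always encoded by the switch.` above its definition would help. The superseded cases are kept inside a `/* ... */` block in the switch and could simply be deleted. html_encode is spread over three hunks and part of its body lies outside them.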