diff options
| author | Fumitoshi UKAI <ukai@debian.or.jp> | 2002-11-26 16:58:48 +0000 |
|---|---|---|
| committer | Fumitoshi UKAI <ukai@debian.or.jp> | 2002-11-26 16:58:48 +0000 |
| commit | 10daaf6c941da76e27b716d18d7b173de086ba02 (patch) | |
| tree | f236f0320b62e35776835267515bad8fa5a7eab4 | |
| parent | [w3m-dev 03486] fix of displayLineInfo (diff) | |
| download | w3m-10daaf6c941da76e27b716d18d7b173de086ba02.tar.gz w3m-10daaf6c941da76e27b716d18d7b173de086ba02.zip | |
w3m 0.3.2.1 security fix
* frame.c (createFrameFile): html_quote()
From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | frame.c | 18 |
2 files changed, 16 insertions, 9 deletions
@@ -1,5 +1,10 @@ 2002-11-27 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> + * w3m 0.3.2.1 security fix + * frame.c (createFrameFile): html_quote() + +2002-11-27 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> + * [w3m-dev 03486] fix of displayLineInfo * display.c (displayBuffer): don't divide by 0 @@ -5161,4 +5166,4 @@ a * [w3m-dev 03276] compile error on EWS4800 * release-0-2-1 * import w3m-0.2.1 -$Id: ChangeLog,v 1.559 2002/11/26 16:57:39 ukai Exp $ +$Id: ChangeLog,v 1.560 2002/11/26 16:58:48 ukai Exp $ @@ -1,4 +1,4 @@ -/* $Id: frame.c,v 1.17 2002/11/05 15:56:13 ukai Exp $ */ +/* $Id: frame.c,v 1.18 2002/11/26 16:58:49 ukai Exp $ */ #include "fm.h" #include "parsetagx.h" #include "myctype.h" @@ -519,14 +519,15 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level, frame.body->attr = F_UNLOADED; if (frame.body->flags & FB_NO_BUFFER) fprintf(f1, "Open %s with other method", - frame.body->url); + html_quote(frame.body->url)); else if (frame.body->url) - fprintf(f1, "Can't open %s", frame.body->url); + fprintf(f1, "Can't open %s", + html_quote(frame.body->url)); else fprintf(f1, "This frame (%s) contains no src attribute", - frame.body->name ? frame.body-> - name : "(no name)"); + frame.body->name ? html_quote(frame.body->name) + : "(no name)"); break; } parseURL2(frame.body->url, &base, currentURL); @@ -620,7 +621,7 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level, /* prohibit_tags */ Strshrinkfirst(tok, 1); Strshrink(tok, 1); - fprintf(f1, "<!-- %s -->", tok->ptr); + fprintf(f1, "<!-- %s -->", html_quote(tok->ptr)); goto token_end; case HTML_TABLE: t_stack++; @@ -633,7 +634,7 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level, Strshrink(tok, 1); fprintf(f1, "<!-- table stack underflow: %s -->", - tok->ptr); + html_quote(tok->ptr)); goto token_end; } break; @@ -653,7 +654,8 @@ createFrameFile(struct frameset *f, FILE * f1, Buffer *current, int level, if (!t_stack) { Strshrinkfirst(tok, 1); Strshrink(tok, 1); - fprintf(f1, "<!-- %s -->", tok->ptr); + fprintf(f1, "<!-- %s -->", + html_quote(tok->ptr)); goto token_end; } |