[nongnu] elpa/htmlize 1ea27b3 071/134: Escape double quote in attribute

emacs-elpa-diffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[nongnu] elpa/htmlize 1ea27b3 071/134: Escape double quote in attribute

From:	ELPA Syncer
Subject:	[nongnu] elpa/htmlize 1ea27b3 071/134: Escape double quote in attribute values.
Date:	Sat, 7 Aug 2021 09:17:09 -0400 (EDT)

branch: elpa/htmlize
commit 1ea27b320b697990faaa0f00786a5d199158106b
Author: Hrvoje Niksic <hniksic@gmail.com>
Commit: Hrvoje Niksic <hniksic@gmail.com>

    Escape double quote in attribute values.
---
 htmlize.el | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/htmlize.el b/htmlize.el
index a6dd316..8cffbd8 100644
--- a/htmlize.el
+++ b/htmlize.el
@@ -388,7 +388,7 @@ next-single-char-property-change")))
      (aref table ?>) "&gt;"
      ;; Not escaping '"' buys us a measurable speedup.  It's only
      ;; necessary to quote it for strings used in attribute values,
-     ;; which htmlize doesn't do.
+     ;; which htmlize doesn't typically do.
      ;(aref table ?\") "&quot;"
      )
     table))
@@ -439,6 +439,18 @@ next-single-char-property-change")))
                         (char-to-string char)))))
               string "")))
 
+(defun htmlize-attr-escape (string)
+  ;; Like htmlize-protect-string, but also escapes double-quoted
+  ;; strings to make it usable in attribute values.
+  (setq string (htmlize-protect-string string))
+  (if (not (string-match "\"" string))
+      string
+    (mapconcat (lambda (char)
+                 (if (eql char ?\")
+                     "&quot;"
+                   (char-to-string char)))
+               string "")))
+
 (defsubst htmlize-concat (list)
   (if (and (consp list) (null (cdr list)))
       ;; Don't create a new string in the common case where the list only
@@ -513,14 +525,14 @@ list."
 (defun htmlize-generate-image (imgprops origtext)
   (let ((alt (if (zerop (length origtext))
                  ""
-               (format " alt=\"%s\"" (htmlize-protect-string origtext)))))
+               (format " alt=\"%s\"" (htmlize-attr-escape origtext)))))
     (cond ((plist-get imgprops :file)
            ;; Try to find the image in image-load-path
            (let* ((found-props (cdr (find-image (list imgprops))))
                   (file (or (plist-get found-props :file)
                             (plist-get imgprops :file))))
              (format "<img src=\"%s\"%s />"
-                     (htmlize-protect-string (file-relative-name file))
+                     (htmlize-attr-escape (file-relative-name file))
                      alt)))
           ((plist-get imgprops :data)
            (format "<img src=\"data:image/%s;base64,%s\"%s />"

[Prev in Thread]

Current Thread

[Next in Thread]

[nongnu] elpa/htmlize 97b6b8d 078/134: Escape link text., (continued)
- [nongnu] elpa/htmlize 97b6b8d 078/134: Escape link text., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 5ce4c6e 083/134: Support XEmacs again., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize aa6e2f6 096/134: Removed support for GNU Emacs 21., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 29f3960 104/134: Nicer readme., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize fb85e84 005/134: Version 0.45., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 94faffa 056/134: Just use `locate-file'., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 3551c6b 063/134: Respect `before-string' and `after-string' overlay properties., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 3ed76d8 065/134: Use find-image to find the actual location of the image file in image-load-path., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 73333fc 068/134: Add an option `htmlize-use-images' to turn off image generation., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 5e04b38 072/134: Improve docs., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 1ea27b3 071/134: Escape double quote in attribute values., ELPA Syncer <=
- [nongnu] elpa/htmlize 18693fd 081/134: Bumped version., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 4f0e317 085/134: Show `display' strings with the `htmlize-literal' property as raw HTML., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 4538849 088/134: Bumped version., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 0a17c7c 087/134: It's `htmlize-running-xemacs', not `running-xemacs'., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 6f9bb1f 100/134: Bump version., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize f74ea31 106/134: Bump version., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 32c69e9 108/134: Add htmlize-face-overrides., ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 1f7bd72 110/134: Update supported version from 21 -> 22 in README, ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize 06772e6 117/134: Don't use `alist-get', it is not available in Emacs 24. (#17), ELPA Syncer, 2021/08/07
- [nongnu] elpa/htmlize a872d6b 119/134: Bump version., ELPA Syncer, 2021/08/07

Prev by Date: [nongnu] elpa/htmlize 5e04b38 072/134: Improve docs.
Next by Date: [nongnu] elpa/htmlize 18693fd 081/134: Bumped version.
Previous by thread: [nongnu] elpa/htmlize 5e04b38 072/134: Improve docs.
Next by thread: [nongnu] elpa/htmlize 18693fd 081/134: Bumped version.
Index(es):
- Date
- Thread