andre/cosmopolitan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
09bcfa23d5434b06597b35152963cc4ef790939c
cosmopolitan/net/http/escapejsstringliteral.c
Justine Tunney 09bcfa23d5 Make major improvements to redbean 
- lua server pages
- lua http library
- http v0.9 support
- request uri parsing
- fork failure recovery
- accelerated redirects
- http pipelining support
- lenient message framing
- html / uri / js escaping
- fix shutdown signal handling
2021-03-25 02:24:05 -07:00

136 lines
4.5 KiB
C
Raw Blame History

/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
╞══════════════════════════════════════════════════════════════════════════════╡
│ Copyright 2021 Justine Alexandra Roberts Tunney │
│ │
│ Permission to use, copy, modify, and/or distribute this software for │
│ any purpose with or without fee is hereby granted, provided that the │
│ above copyright notice and this permission notice appear in all copies. │
│ │
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
│ PERFORMANCE OF THIS SOFTWARE. │
╚─────────────────────────────────────────────────────────────────────────────*/
#include "libc/str/thompike.h"
#include "libc/str/utf16.h"
#include "libc/x/x.h"
#include "net/http/escape.h"
/**
* Escapes UTF-8 data for JavaScript or JSON string literal.
*
* HTML entities and forward slash are escaped too for added safety.
*
* We assume the UTF-8 is well-formed and can be represented as UTF-16.
* Things that can't be decoded or encoded will be replaced with invalid
* code-point markers. This function is agnostic to numbers that have
* been used with malicious intent in the past under buggy software.
* Noncanonical encodings such as overlong NUL are canonicalized as NUL.
*/
struct EscapeResult EscapeJsStringLiteral(const char *data, size_t size) {
char *p;
size_t i;
unsigned n;
uint64_t w;
wint_t x, y;
struct EscapeResult r;
p = r.data = xmalloc(size * 6 + 6 + 1);
for (i = 0; i < size;) {
x = data[i++] & 0xff;
if (x >= 0200) {
if (x >= 0300) {
n = ThomPikeLen(x);
x = ThomPikeByte(x);
while (--n) {
if (i < size) {
y = data[i++] & 0xff;
if (ThomPikeCont(y)) {
x = ThomPikeMerge(x, y);
} else {
x = 0xFFFD;
break;
}
} else {
x = 0xFFFD;
break;
}
}
} else {
x = 0xFFFD;
}
}
switch (x) {
case '\t':
p[0] = '\\';
p[1] = 't';
p += 2;
break;
case '\n':
p[0] = '\\';
p[1] = 'n';
p += 2;
break;
case '\r':
p[0] = '\\';
p[1] = 'r';
p += 2;
break;
case '\f':
p[0] = '\\';
p[1] = 'f';
p += 2;
break;
case '\\':
p[0] = '\\';
p[1] = '\\';
p += 2;
break;
case '/':
p[0] = '\\';
p[1] = '/';
p += 2;
break;
case '"':
p[0] = '\\';
p[1] = '"';
p += 2;
break;
case '\'':
p[0] = '\\';
p[1] = '\'';
p += 2;
break;
default:
if (0x20 <= x && x < 0x7F) {
*p++ = x;
break;
}
/* fallthrough */
case '<':
case '>':
case '&':
case '=':
w = EncodeUtf16(x);
do {
p[0] = '\\';
p[1] = 'u';
p[2] = "0123456789ABCDEF"[(w & 0xF000) >> 014];
p[3] = "0123456789ABCDEF"[(w & 0x0F00) >> 010];
p[4] = "0123456789ABCDEF"[(w & 0x00F0) >> 004];
p[5] = "0123456789ABCDEF"[(w & 0x000F) >> 000];
p += 6;
} while ((w >>= 16));
break;
}
}
r.size = p - r.data;
r.data = xrealloc(r.data, r.size + 1);
r.data[r.size] = '\0';
return r;
}
Reference in New Issue View Git Blame Copy Permalink