- Timestamp:
- 2014-03-14T17:13:56+13:00 (10 years ago)
- File:
-
- 1 edited
-
main/trunk/greenstone2/runtime-src/src/recpt/securitytools.cpp
r28888 r28898 125 125 } 126 126 127 text_t encodeForJavascript(const text_t& in, const text_t& immuneChars) { 128 text_t out; 129 text_t::const_iterator here = in.begin(); 130 text_t::const_iterator end = in.end(); 131 while (here != end) { 132 out += encodeForJavascript(immuneChars, *here); // IMMUNE_JAVASCRIPT by default 133 ++here; 134 } 135 return out; 136 } 127 text_t encodeForJavascript(const text_t& in, const text_t& immuneChars, bool dmsafe) { 128 text_t out; 129 text_t::const_iterator here = in.begin(); 130 text_t::const_iterator end = in.end(); 131 while (here != end) { 132 out += encodeForJavascript(immuneChars, *here, dmsafe); // IMMUNE_JAVASCRIPT by default 133 ++here; 134 } 135 return out; 136 } 137 137 138 138 139 text_t encodeForMySQL(const text_t& in, const text_t& immuneChars, const SQLMode mode) { … … 259 260 260 261 // http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java 261 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short in ) {262 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short in, bool dmsafe) { 262 263 263 264 text_t result = ""; … … 294 295 char hex_char[3]; 295 296 sprintf(hex_char,"%02X",in); 296 result = "\\x" + text_t(hex_char); 297 298 if(dmsafe) { // double escape backslashes for macro files 299 result = "\\\\x" + text_t(hex_char); 300 } else { 301 result = "\\x" + text_t(hex_char); 302 } 297 303 } 298 304 // otherwise encode with \\uHHHH … … 300 306 char hex_char[5]; 301 307 sprintf(hex_char,"%04X",in); 302 result = "\\u" + text_t(hex_char); 308 if(dmsafe) { // double escape backslashes for macro files 309 result = "\\\\u" + text_t(hex_char); 310 } else { 311 result = "\\u" + text_t(hex_char); 312 } 303 313 } 304 314
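Review bot: The new `dmsafe` parameter changes the output contract of `encodeForJavascript`, but nothing at the signature (new line 262) tells a caller when to set it. Judging only from the inline comment, the doubled-backslash form is a valid JavaScript escape only after macro-file processing has collapsed it, so a wrong value at a call site yields text the browser will not decode as intended. I would add a comment above the definition, for example `// dmsafe: double the backslash (\\xHH, \\uHHHH) for output that goes through macro-file processing; false emits \xHH / \uHHHH for direct use in script`. The identical if/else at new lines 298-302 and 308-312 could each become `const char* pfx = dmsafe ? "\\\\x" : "\\x";` then `result = pfx + text_t(hex_char);` (with `u` in the second branch), so the two paths cannot drift apart. The body between lines 264 and 294 is elided on this page, so it cannot be checked here whether another branch emits a backslash needing the same treatment, or whether the guard bounds `in` so that `%02X` fits `hex_char[3]`.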