Fossil SCM
Corrected help_to_html() to escape less-than signs so that script tags in help text do not break the page. Removed a semantically illegal P tag from the HTML-format help.
Commit
9850dd3f22db7e09388e1b9d3b964e196a8214669e02989a47c833054efa5a3d
Parent
b5496da66fd49fc…
1 file changed
+10
-2
+10
-2
| --- src/dispatch.c | ||
| +++ src/dispatch.c | ||
| @@ -343,17 +343,22 @@ | ||
| 343 | 343 | azEnd[0] = ""; |
| 344 | 344 | while( zHelp[0] ){ |
| 345 | 345 | i = 0; |
| 346 | 346 | while( (c = zHelp[i])!=0 |
| 347 | 347 | && c!='\n' |
| 348 | + && c!='<' | |
| 348 | 349 | && (c!='%' || strncmp(zHelp+i,"%fossil",7)!=0) |
| 349 | 350 | ){ i++; } |
| 350 | 351 | if( c=='%' ){ |
| 351 | 352 | if( i ) blob_appendf(pHtml, "%#h", i, zHelp); |
| 352 | 353 | zHelp += i + 1; |
| 353 | - i = 0; | |
| 354 | 354 | wantBR = 1; |
| 355 | + continue; | |
| 356 | + }else if( c=='<' ){ | |
| 357 | + if( i ) blob_appendf(pHtml, "%#h", i, zHelp); | |
| 358 | + blob_append(pHtml, "&", 5); | |
| 359 | + zHelp += i + 1; | |
| 355 | 360 | continue; |
| 356 | 361 | } |
| 357 | 362 | if( i>2 && zHelp[0]=='>' && zHelp[1]==' ' ){ |
| 358 | 363 | isDT = 1; |
| 359 | 364 | for(nIndent=1; nIndent<i && zHelp[nIndent]==' '; nIndent++){} |
| @@ -408,11 +413,14 @@ | ||
| 408 | 413 | } |
| 409 | 414 | if( isLI ){ |
| 410 | 415 | blob_append(pHtml, "<li> ", 5); |
| 411 | 416 | } |
| 412 | 417 | if( wantP ){ |
| 413 | - blob_append(pHtml, "<p> ", 4); | |
| 418 | + /* We historically output a <P> tag here but that is | |
| 419 | + semantically illegal (P may only contain inline elements) and | |
| 420 | + browsers were automatically relocating its contents after the | |
| 421 | + P in the DOM. */ | |
| 414 | 422 | wantP = 0; |
| 415 | 423 | } |
| 416 | 424 | if( azEnd[iLevel]==zEndDL ){ |
| 417 | 425 | int iDD; |
| 418 | 426 | blob_append(pHtml, "<dt> ", 5); |
| 419 | 427 |
| --- src/dispatch.c | |
| +++ src/dispatch.c | |
| @@ -343,17 +343,22 @@ | |
| 343 | azEnd[0] = ""; |
| 344 | while( zHelp[0] ){ |
| 345 | i = 0; |
| 346 | while( (c = zHelp[i])!=0 |
| 347 | && c!='\n' |
| 348 | && (c!='%' || strncmp(zHelp+i,"%fossil",7)!=0) |
| 349 | ){ i++; } |
| 350 | if( c=='%' ){ |
| 351 | if( i ) blob_appendf(pHtml, "%#h", i, zHelp); |
| 352 | zHelp += i + 1; |
| 353 | i = 0; |
| 354 | wantBR = 1; |
| 355 | continue; |
| 356 | } |
| 357 | if( i>2 && zHelp[0]=='>' && zHelp[1]==' ' ){ |
| 358 | isDT = 1; |
| 359 | for(nIndent=1; nIndent<i && zHelp[nIndent]==' '; nIndent++){} |
| @@ -408,11 +413,14 @@ | |
| 408 | } |
| 409 | if( isLI ){ |
| 410 | blob_append(pHtml, "<li> ", 5); |
| 411 | } |
| 412 | if( wantP ){ |
| 413 | blob_append(pHtml, "<p> ", 4); |
| 414 | wantP = 0; |
| 415 | } |
| 416 | if( azEnd[iLevel]==zEndDL ){ |
| 417 | int iDD; |
| 418 | blob_append(pHtml, "<dt> ", 5); |
| 419 |
| --- src/dispatch.c | |
| +++ src/dispatch.c | |
| @@ -343,17 +343,22 @@ | |
| 343 | azEnd[0] = ""; |
| 344 | while( zHelp[0] ){ |
| 345 | i = 0; |
| 346 | while( (c = zHelp[i])!=0 |
| 347 | && c!='\n' |
| 348 | && c!='<' |
| 349 | && (c!='%' || strncmp(zHelp+i,"%fossil",7)!=0) |
| 350 | ){ i++; } |
| 351 | if( c=='%' ){ |
| 352 | if( i ) blob_appendf(pHtml, "%#h", i, zHelp); |
| 353 | zHelp += i + 1; |
| 354 | wantBR = 1; |
| 355 | continue; |
| 356 | }else if( c=='<' ){ |
| 357 | if( i ) blob_appendf(pHtml, "%#h", i, zHelp); |
| 358 | blob_append(pHtml, "&", 5); |
| 359 | zHelp += i + 1; |
| 360 | continue; |
| 361 | } |
| 362 | if( i>2 && zHelp[0]=='>' && zHelp[1]==' ' ){ |
| 363 | isDT = 1; |
| 364 | for(nIndent=1; nIndent<i && zHelp[nIndent]==' '; nIndent++){} |
| @@ -408,11 +413,14 @@ | |
| 413 | } |
| 414 | if( isLI ){ |
| 415 | blob_append(pHtml, "<li> ", 5); |
| 416 | } |
| 417 | if( wantP ){ |
| 418 | /* We historically output a <P> tag here but that is |
| 419 | semantically illegal (P may only contain inline elements) and |
| 420 | browsers were automatically relocating its contents after the |
| 421 | P in the DOM. */ |
| 422 | wantP = 0; |
| 423 | } |
| 424 | if( azEnd[iLevel]==zEndDL ){ |
| 425 | int iDD; |
| 426 | blob_append(pHtml, "<dt> ", 5); |
| 427 |