diff options
author | ZhangYunHao <zhangyunhao116@gmail.com> | 2022-03-15 16:39:40 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-15 09:39:40 +0100 |
commit | f7423e3def0565dc581debc6549601b613f34fa9 (patch) | |
tree | a418908a7992b0d403a5b00d830cc06eb3b0063c /bytesconv.go | |
parent | Read response when client closes connection #1232 (#1233) (diff) | |
download | fasthttp-f7423e3def0565dc581debc6549601b613f34fa9.tar.gz fasthttp-f7423e3def0565dc581debc6549601b613f34fa9.tar.bz2 fasthttp-f7423e3def0565dc581debc6549601b613f34fa9.zip |
Fix AppendHTMLEscape (#1248)
Diffstat (limited to 'bytesconv.go')
-rw-r--r-- | bytesconv.go | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/bytesconv.go b/bytesconv.go index bf582af..a35b606 100644 --- a/bytesconv.go +++ b/bytesconv.go @@ -19,7 +19,8 @@ import ( // AppendHTMLEscape appends html-escaped s to dst and returns the extended dst. func AppendHTMLEscape(dst []byte, s string) []byte { - if strings.IndexByte(s, '<') < 0 && + if strings.IndexByte(s, '&') < 0 && + strings.IndexByte(s, '<') < 0 && strings.IndexByte(s, '>') < 0 && strings.IndexByte(s, '"') < 0 && strings.IndexByte(s, '\'') < 0 { @@ -34,14 +35,16 @@ func AppendHTMLEscape(dst []byte, s string) []byte { for i, n := 0, len(s); i < n; i++ { sub = "" switch s[i] { + case '&': + sub = "&" case '<': sub = "<" case '>': sub = ">" case '"': - sub = """ + sub = """ // """ is shorter than """. case '\'': - sub = "'" + sub = "'" // "'" is shorter than "'" and apos was not in HTML until HTML5. } if len(sub) > 0 { dst = append(dst, s[prev:i]...) |