99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
-
-
+
+
+
+
-
+
|
# wappInt-enc-url Escape text so that it is safe to pass as an
# argument to href= and src= attributes in HTML.
#
# wappInt-enc-qp Escape text so that it is safe to use as the
# value of a query parameter in a URL or in
# post data or in a cookie.
#
# wappInt-enc-string Escape ", ', and \ for using inside of a
# javascript string literal.
# wappInt-enc-string Escape ", ', \, and < for using inside of a
# javascript string literal. The < character
# is escaped to prevent "</script>" from causing
# problems in embedded javascript.
#
# wappInt-enc-unsafe Perform no encoding at all. Unsafe.
#
proc wappInt-enc-html {txt} {
return [string map {& & < < > >} $txt]
return [string map {& & < < > > \" " \\ \} $txt]
}
proc wappInt-enc-unsafe {txt} {
return $txt
}
proc wappInt-enc-url {s} {
if {[regsub -all {[^-{}@~?=#_.:/a-zA-Z0-9]} $s {[wappInt-%HHchar {&}]} s]} {
set s [subst -novar -noback $s]
|
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
-
+
|
}
if {[regsub -all {[{}]} $s {[wappInt-%HHchar \\&]} s]} {
set s [subst -novar -noback $s]
}
return $s
}
proc wappInt-enc-string {s} {
return [string map {\\ \\\\ \" \\\" ' \\'} $s]
return [string map {\\ \\\\ \" \\\" ' \\' < \\u003c} $s]
}
# This is a helper routine for wappInt-enc-url and wappInt-enc-qp. It returns
# an appropriate %HH encoding for the single character c. If c is a unicode
# character, then this routine might return multiple bytes: %HH%HH%HH
#
proc wappInt-%HHchar {c} {
|
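Review bot: The new `string map` in wappInt-enc-html (first hunk) escapes `"` and `\` but still passes `'` through unchanged, so a value substituted into a single-quoted attribute can end that attribute early. Adding `' &#39;` to the map would cover that context. Otherwise the routine's header comment, which is above the visible context, should state that the output is only meant for element content and double-quoted attribute values. In the second hunk, wappInt-enc-string now escapes `<`, but a raw newline or carriage return in the input still reaches the JavaScript string literal and breaks it with a syntax error; `\n \\n \r \\r` could be added to that map.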