utils: add uh_htmlescape() helper

The uh_htmlescape() function returns a copy of the given string with the
HTML special characters `<`, `>`, `"` and `'` replaced by HTML entities in
hexadecimal notation.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

2 files changed, 43 insertions, 0 deletions

diff --git a/utils.c b/utils.c
index 9342eb6..1c61c41 100644
--- a/utils.c
+++ b/utils.c
@@ -249,3 +249,45 @@ bool uh_addr_rfc1918(struct uh_addr *addr)
 
 	return 0;
 }
+
+
+static bool is_html_special_char(char c)
+{
+	switch (c)
+	{
+	case 0x22:
+	case 0x26:
+	case 0x27:
+	case 0x3C:
+	case 0x3E:
+		return true;
+
+	default:
+		return false;
+	}
+}
+
+char *uh_htmlescape(const char *str)
+{
+	size_t len;
+	char *p, *copy;
+
+	for (p = str, len = 1; *p; p++)
+		if (is_html_special_char(*p))
+			len += 6; /* &#x??; */
+		else
+			len++;
+
+	copy = calloc(1, len);
+
+	if (!copy)
+		return NULL;
+
+	for (p = copy; *str; str++)
+		if (is_html_special_char(*str))
+			p += sprintf(p, "&#x%02x;", (unsigned int)*str);
+		else
+			*p++ = *str;
+
+	return copy;
+}
diff --git a/utils.h b/utils.h
index c583f45..093deff 100644
--- a/utils.h
+++ b/utils.h
@@ -73,5 +73,6 @@ int uh_b64decode(char *buf, int blen, const void *src, int slen);
 bool uh_path_match(const char *prefix, const char *url);
 char *uh_split_header(char *str);
 bool uh_addr_rfc1918(struct uh_addr *addr);
+char *uh_htmlescape(const char *src);
 
 #endif