| blob | c07d7587b36fc21b94e2b69c0e776922844cad32 |
1 Subject: [PATCH] gitweb: do not use undeclared entities
3 The XML specification requires that all XML processors
4 MUST recognize these five entities:
6 <
7 >
8 &
9 '
10 "
12 whether the are declared or not. Note that neither
13 nor ⋅ are listed.
15 That means and ⋅ can only be used if they
16 are declared otherwise a bad XML document will be
17 created.
19 Replace with   and ⋅ with ·
20 so that declarations are not required.
22 Note that ⋅ is actually U+22C5 "DOT OPERATOR" which
23 is just wrong since we're displaying text not mathematical
24 formulas so we replace it with the much more correct
25 U+00B7 "MIDDLE DOT" instead.
27 We could just guarantee that the entities in question
28 are declared in the XML header, however, if that gets
29 stripped off leaving us with a bare html top-level
30 tag the document would become invalid, so we don't take
31 that route.
33 Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
34 ---
35 gitweb/gitweb.perl | 40 ++++++++++++++++++++--------------------
36 1 file changed, 20 insertions(+), 20 deletions(-)
38 diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
39 index e4281229..c2879a09 100755
40 --- a/gitweb/gitweb.perl
41 +++ b/gitweb/gitweb.perl
42 @@ -1689,7 +1689,7 @@ sub esc_html {
43 $str = to_utf8($str);
44 $str = $cgi->escapeHTML($str);
45 if ($opts{'-nbsp'}) {
46 - $str =~ s/ / /g;
47 + $str =~ s/ / /g;
48 }
49 $str =~ s|([[:cntrl:]])|(($1 ne "\t") ? quot_cec($1) : $1)|eg;
50 return $str;
51 @@ -1705,7 +1705,7 @@ sub esc_path {
52 $str = to_utf8($str);
53 $str = $cgi->escapeHTML($str);
54 if ($opts{'-nbsp'}) {
55 - $str =~ s/ / /g;
56 + $str =~ s/ / /g;
57 }
58 $str =~ s|([[:cntrl:]])|quot_cec($1)|eg;
59 return $str;
60 @@ -2254,8 +2254,8 @@ sub gravatar_url {
61 # is enabled.
62 sub git_get_avatar {
63 my ($email, %opts) = @_;
64 - my $pre_white = ($opts{-pad_before} ? " " : "");
65 - my $post_white = ($opts{-pad_after} ? " " : "");
66 + my $pre_white = ($opts{-pad_before} ? " " : "");
67 + my $post_white = ($opts{-pad_after} ? " " : "");
68 $opts{-size} ||= 'default';
69 my $size = $avatar_size{$opts{-size}} || $avatar_size{'default'};
70 my $url = "";
71 @@ -3069,9 +3069,9 @@ sub git_populate_project_tagcloud {
72 # Pad the title with spaces so that the cloud looks
73 # less crammed.
74 my $title = esc_html($ctags_lc{$ctag}->{topname});
75 - $title =~ s/ / /g;
76 - $title =~ s/^/ /g;
77 - $title =~ s/$/ /g;
78 + $title =~ s/ / /g;
79 + $title =~ s/^/ /g;
80 + $title =~ s/$/ /g;
81 if (defined $matched && $matched eq $ctag) {
82 $title = qq(<span class="match">$title</span>);
83 }
84 @@ -4527,19 +4527,19 @@ sub format_paging_nav {
85 if ($page > 0) {
86 $paging_nav .=
87 $cgi->a({-href => href(-replay=>1, page=>undef)}, "first") .
88 - " ⋅ " .
89 + " · " .
90 $cgi->a({-href => href(-replay=>1, page=>$page-1),
91 -accesskey => "p", -title => "Alt-p"}, "prev");
92 } else {
93 - $paging_nav .= "first ⋅ prev";
94 + $paging_nav .= "first · prev";
95 }
97 if ($has_next_link) {
98 - $paging_nav .= " ⋅ " .
99 + $paging_nav .= " · " .
100 $cgi->a({-href => href(-replay=>1, page=>$page+1),
101 -accesskey => "n", -title => "Alt-n"}, "next");
102 } else {
103 - $paging_nav .= " ⋅ next";
104 + $paging_nav .= " · next";
105 }
107 return $paging_nav;
108 @@ -4998,7 +4998,7 @@ sub git_difftree_body {
109 -title => 'commitdiff to parent number ' .
110 ($i+1) . ': ' . substr($par,0,7)},
111 $i+1) .
112 - " </th>\n";
113 + " </th>\n";
114 }
115 print "</tr></thead>\n<tbody>\n";
116 }
117 @@ -6357,7 +6357,7 @@ sub git_tags_body {
118 if ($tag{'type'} eq "tag") {
119 print $cgi->a({-href => href(action=>"tag", hash=>$tag{'id'})}, "tag");
120 } else {
121 - print " ";
122 + print " ";
123 }
124 print "</td>\n" .
125 "<td class=\"link\">" . " | " .
126 @@ -6532,20 +6532,20 @@ sub git_search_message {
127 $paging_nav .=
128 $cgi->a({-href => href(-replay=>1, page=>undef)},
129 "first") .
130 - " ⋅ " .
131 + " · " .
132 $cgi->a({-href => href(-replay=>1, page=>$page-1),
133 -accesskey => "p", -title => "Alt-p"}, "prev");
134 } else {
135 - $paging_nav .= "first ⋅ prev";
136 + $paging_nav .= "first · prev";
137 }
138 my $next_link = '';
139 if ($#commitlist >= 100) {
140 $next_link =
141 $cgi->a({-href => href(-replay=>1, page=>$page+1),
142 -accesskey => "n", -title => "Alt-n"}, "next");
143 - $paging_nav .= " ⋅ $next_link";
144 + $paging_nav .= " · $next_link";
145 } else {
146 - $paging_nav .= " ⋅ next";
147 + $paging_nav .= " · next";
148 }
150 git_header_html();
151 @@ -6928,7 +6928,7 @@ sub git_summary {
152 git_header_html();
153 git_print_page_nav('summary','', $head);
155 - print "<div class=\"title\"> </div>\n";
156 + print "<div class=\"title\"> </div>\n";
157 print "<table class=\"projects_list\">\n" .
158 "<tr id=\"metadata_desc\"><td>description</td><td>" . esc_html($descr) . "</td></tr>\n";
159 if ($owner and not $omit_owner) {
160 @@ -7622,7 +7622,7 @@ sub git_tree {
161 undef $up unless $up;
162 # based on git_print_tree_entry
163 print '<td class="mode">' . mode_str('040000') . "</td>\n";
164 - print '<td class="size"> </td>'."\n" if $show_sizes;
165 + print '<td class="size"> </td>'."\n" if $show_sizes;
166 print '<td class="list">';
167 print $cgi->a({-href => href(action=>"tree",
168 hash_base=>$hash_base,
169 @@ -7840,7 +7840,7 @@ sub git_log_generic {
170 my ($patch_max) = gitweb_get_feature('patches');
171 if ($patch_max && !defined $file_name) {
172 if ($patch_max < 0 || @commitlist <= $patch_max) {
173 - $paging_nav .= " ⋅ " .
174 + $paging_nav .= " · " .
175 $cgi->a({-href => href(action=>"patches", -replay=>1)},
176 "patches");
177 }
178 ---