From: Robert Griesemer <gri@golang.org>
Date: Wed, 4 Nov 2009 06:52:10 +0000 (-0800)
Subject: add " and ' to list of html-escaped chars
X-Git-Tag: weekly.2009-11-06~98
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=467c726eec013c2af732305772e4664aa090edff;p=gostls13.git

add " and ' to list of html-escaped chars

R=rsc
http://go/go-review/1017025
---

diff --git a/src/pkg/template/format.go b/src/pkg/template/format.go
index bbdfcb4bb8..bcffc66ac5 100644
--- a/src/pkg/template/format.go
+++ b/src/pkg/template/format.go
@@ -21,28 +21,37 @@ func StringFormatter(w io.Writer, value interface{}, format string) {
 	fmt.Fprint(w, value);
 }
 
-
-var esc_amp = strings.Bytes("&amp;")
-var esc_lt = strings.Bytes("&lt;")
-var esc_gt = strings.Bytes("&gt;")
+var (
+	esc_quot = strings.Bytes("&#34;");  // shorter than "&quot;"
+	esc_apos = strings.Bytes("&#39;");  // shorter than "&apos;"
+	esc_amp = strings.Bytes("&amp;");
+	esc_lt = strings.Bytes("&lt;");
+	esc_gt = strings.Bytes("&gt;");
+)
 
 // HtmlEscape writes to w the properly escaped HTML equivalent
 // of the plain text data s.
 func HtmlEscape(w io.Writer, s []byte) {
+	var esc []byte;
 	last := 0;
 	for i, c := range s {
-		if c == '&' || c == '<' || c == '>' {
-			w.Write(s[last:i]);
-			switch c {
-			case '&':
-				w.Write(esc_amp);
-			case '<':
-				w.Write(esc_lt);
-			case '>':
-				w.Write(esc_gt);
-			}
-			last = i+1;
+		switch c {
+		case '"':
+			esc = esc_quot;
+		case '\'':
+			esc = esc_apos;
+		case '&':
+			esc = esc_amp;
+		case '<':
+			esc = esc_lt;
+		case '>':
+			esc = esc_gt;
+		default:
+			continue;
 		}
+		w.Write(s[last:i]);
+		w.Write(esc);
+		last = i+1;
 	}
 	w.Write(s[last:len(s)]);
 }