Mercurial > pidgin
comparison libpurple/util.h @ 26771:e72df47d41fe
Escape all the values when appending them to the Entity Caps verification str.
xmlnode_get_attrib and xmlnode_get_data unescape what they return. Thanks to
Tobias and Waqas. This will still fail to validate if the other side uses
entity codes (or uses other entities unnecessarily), but that should be dealt
with as a hash failure instead of a collision.
(10:12:11) Tobias: [18:48:43] <waqas> <identity category='client' type='pc' name='SomeClient'/><feature var='http://jabber.org/protocol/muc'/> turns into 'client/pc//SomeClient<http://jabber.org/protocol/caps<'
but so does <identity category='client' type='pc' name='SomeClient<http://jabber.org/protocol/caps'/>, which is a collision, right?
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Sat, 02 May 2009 01:26:18 +0000 |
parents | fd97c0de433d |
children | ab31daf1c1ee |
comparison
equal
deleted
inserted
replaced
26770:7c1ecd0727db | 26771:e72df47d41fe |
---|---|
494 * string when finished with it. | 494 * string when finished with it. |
495 */ | 495 */ |
496 char *purple_markup_linkify(const char *str); | 496 char *purple_markup_linkify(const char *str); |
497 | 497 |
498 /** | 498 /** |
499 * Unescapes HTML entities to their literal characters. | 499 * Escape special HTML characters to their HTML entities. |
500 * This is almost the reverse of purple_unescape_html except that | |
501 * this does not translate "\n" into "<br>". | |
502 * | |
503 * @param str The string in which to escape special characters. | |
504 * | |
505 * @return The text with the special characters escaped. You must | |
506 * g_free this string when finished with it. | |
507 * | |
508 * @see purple_unescape_html | |
509 * @since 2.6.0 | |
510 */ | |
511 char *purple_escape_html(const char *str); | |
512 | |
513 /** | |
514 * Unescapes HTML entities to their literal characters. Also translates | |
515 * "<br>" to "\n". | |
500 * For example "&" is replaced by '&' and so on. | 516 * For example "&" is replaced by '&' and so on. |
501 * Actually only "&", """, "<" and ">" are currently | 517 * Actually only "&", """, "<" and ">" are currently |
502 * supported. | 518 * supported. |
503 * | 519 * |
504 * @param html The string in which to unescape any HTML entities | 520 * @param html The string in which to unescape any HTML entities |
505 * | 521 * |
506 * @return The text with HTML entities literalized. You must g_free | 522 * @return The text with HTML entities literalized. You must g_free |
507 * this string when finished with it. | 523 * this string when finished with it. |
524 * | |
525 * @see purple_escape_html | |
508 */ | 526 */ |
509 char *purple_unescape_html(const char *html); | 527 char *purple_unescape_html(const char *html); |
510 | 528 |
511 /** | 529 /** |
512 * Returns a newly allocated substring of the HTML UTF-8 string "str". | 530 * Returns a newly allocated substring of the HTML UTF-8 string "str". |