Re: gopher2html, a possible way to browse the gopherspace via w3m
Hello Hiltjo,
Hiltjo Posthuma writes:
> There is an issue in:
>
> type == TYPE["html"] {
> url = substr(selector, 5) # strip `URL:' prefix
> printf("<a href='%s'>%s</a>\n", url, encode(user_name))
> }
>
> the url should be escaped too, it can be a security issue.
> same in "picture" and urlize().
>
> The encode() function should escape " (to ") and ' (to ').
I have modified encode() to escape `"' and `'', urlize() to always
encode() the URL returned and all the printf()s in actions accordingly.
Thank you very much for reporting and suggesting that!
Reply to: