pmccabe2html: escaping of special characters

The C code characters '<', '>', and '&' were improperly
escaped in HTML output, and their multiplicity was ignored.

diff --git a/ChangeLog b/ChangeLog
index 211d296..770710c 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2013-09-25  Mats Erik Andersson  <gnu@gisladisker.se>
+
+       pmccabe2html: escaping of special characters
+       Escape all '<', '>', and '&' in HTML output.
+       * build-aux/pmccabe2html (html_fnc): Call gsub()
+       instead of sub() to capture all '<', '>', and '&'.
+       Neither of '<' and '>' is special in a regexp,
+       so first arguments to gsub() are corrected. Also,
+       in replacement strings, ampersand must be escaped.
+       Finally, '&' must be handled first, then '<' and '>'.
+
 2013-09-24  Eric Blake  <eblake@redhat.com>
 
        manywarnings: enable nicer gcc warning messages

diff --git a/build-aux/pmccabe2html b/build-aux/pmccabe2html
index 094c3e9..ffd0788 100644 (file)
--- a/build-aux/pmccabe2html
+++ b/build-aux/pmccabe2html
@@ -422,9 +422,9 @@ function html_fnc (nfun,
 
             while ((getline codeline < (fname nfun "_fn.txt")) > 0)
             {
-                sub(/\\</, "&lt;", codeline)
-                sub(/\\>/, "&gt;", codeline)
-                sub(/&/, "&amp;", codeline)
+                gsub(/&/, "\&amp;", codeline)  # Must come first.
+                gsub(/</, "\&lt;", codeline)
+                gsub(/>/, "\&gt;", codeline)
 
                 print codeline
             }