add " and ' to list of html-escaped chars

R=rsc http://go/go-review/1017025

add " and ' to list of html-escaped chars
R=rsc http://go/go-review/1017025
467c726e · Robert Griesemer · 796e29eb · 467c726e
Commit 467c726e authored Nov 03, 2009 by Robert Griesemer
Show whitespace changes
Inline Side-by-side

Showing with 24 additions and 15 deletions

src/pkg/template/format.go src/pkg/template/format.go +24 -15

No files found.
--- a/src/pkg/template/format.go
+++ b/src/pkg/template/format.go
@@ -21,29 +21,38 @@ func StringFormatter(w io.Writer, value interface{}, format string) {
 	fmt.Fprint(w, value);
 }
+var (
-var esc_amp = strings.Bytes("&amp;")
+	esc_quot = strings.Bytes("&#34;");  // shorter than "&quot;"
-var esc_lt = strings.Bytes("&lt;")
+	esc_apos = strings.Bytes("&#39;");  // shorter than "&apos;"
-var esc_gt = strings.Bytes("&gt;")
+	esc_amp = strings.Bytes("&amp;");
+	esc_lt = strings.Bytes("&lt;");
+	esc_gt = strings.Bytes("&gt;");
+)
 // HtmlEscape writes to w the properly escaped HTML equivalent
 // of the plain text data s.
 func HtmlEscape(w io.Writer, s []byte) {
+	var esc []byte;
 	last := 0;
 	for i, c := range s {
-		if c == '&' || c == '<' || c == '>' {
-			w.Write(s[last:i]);
 		switch c {
+		case '"':
+			esc = esc_quot;
+		case '\'':
+			esc = esc_apos;
 		case '&':
-				w.Write(esc_amp);
+			esc = esc_amp;
 		case '<':
-				w.Write(esc_lt);
+			esc = esc_lt;
 		case '>':
-				w.Write(esc_gt);
+			esc = esc_gt;
+		default:
+			continue;
 		}
+		w.Write(s[last:i]);
+		w.Write(esc);
 		last = i+1;
 	}
-	}
 	w.Write(s[last:len(s)]);
 }