On 2-11-2009 02:15:25, Nico Golde wrote:
> Hi,
> * Tadeusz So??nierz <tadzi...@gmail.com> [2009-10-20 16:36]:
> [...]
> > +showbmarks(Client *c, const Arg *arg) {
> > + /* I wonder if 4 kB is too much or not enough */
> > + char html[4096] = "";
> > + /* same here. time will tell */
> > + char uri[128];
> > + FILE *f;
> > + stop(c, NULL);
> > + f = fopen(bmarksfile, "r");
> > + while(fscanf(f, "%127s\n", uri) != EOF) {
> > + snprintf(&html[strlen(html)], sizeof(html) - strlen(html),
> > + "<a href='%s'>%s</a><br />", uri, uri);
>
> You may want to html escape the uri, not?
Well, there are some security reasons, if that's what you mean. But
my tiny investigation (I mean, entering query string to google
containing html tags) showed that they become urlencoded by the app
itself, so it seems safe to me. If there's anything I don't know, please
let me know.
Regards,
Ted
--
===========================================================
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
