branch: elpa/htmlize
commit 1ea27b320b697990faaa0f00786a5d199158106b
Author: Hrvoje Niksic <[email protected]>
Commit: Hrvoje Niksic <[email protected]>
Escape double quote in attribute values.
---
htmlize.el | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/htmlize.el b/htmlize.el
index a6dd316..8cffbd8 100644
--- a/htmlize.el
+++ b/htmlize.el
@@ -388,7 +388,7 @@ next-single-char-property-change")))
(aref table ?>) ">"
;; Not escaping '"' buys us a measurable speedup. It's only
;; necessary to quote it for strings used in attribute values,
- ;; which htmlize doesn't do.
+ ;; which htmlize doesn't typically do.
;(aref table ?\") """
)
table))
@@ -439,6 +439,18 @@ next-single-char-property-change")))
(char-to-string char)))))
string "")))
+(defun htmlize-attr-escape (string)
+ ;; Like htmlize-protect-string, but also escapes double-quoted
+ ;; strings to make it usable in attribute values.
+ (setq string (htmlize-protect-string string))
+ (if (not (string-match "\"" string))
+ string
+ (mapconcat (lambda (char)
+ (if (eql char ?\")
+ """
+ (char-to-string char)))
+ string "")))
+
(defsubst htmlize-concat (list)
(if (and (consp list) (null (cdr list)))
;; Don't create a new string in the common case where the list only
@@ -513,14 +525,14 @@ list."
(defun htmlize-generate-image (imgprops origtext)
(let ((alt (if (zerop (length origtext))
""
- (format " alt=\"%s\"" (htmlize-protect-string origtext)))))
+ (format " alt=\"%s\"" (htmlize-attr-escape origtext)))))
(cond ((plist-get imgprops :file)
;; Try to find the image in image-load-path
(let* ((found-props (cdr (find-image (list imgprops))))
(file (or (plist-get found-props :file)
(plist-get imgprops :file))))
(format "<img src=\"%s\"%s />"
- (htmlize-protect-string (file-relative-name file))
+ (htmlize-attr-escape (file-relative-name file))
alt)))
((plist-get imgprops :data)
(format "<img src=\"data:image/%s;base64,%s\"%s />"
