Merge of r4313:
Added escaping of double quotes in ngx_escape_html().
Patch by Zaur Abasmirzoev.
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index 29f8e0d..f5e1d4b 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -1657,6 +1657,10 @@
len += sizeof("&") - 2;
break;
+ case '"':
+ len += sizeof(""") - 2;
+ break;
+
default:
break;
}
@@ -1684,6 +1688,11 @@
*dst++ = ';';
break;
+ case '"':
+ *dst++ = '&'; *dst++ = 'q'; *dst++ = 'u'; *dst++ = 'o';
+ *dst++ = 't'; *dst++ = ';';
+ break;
+
default:
*dst++ = ch;
break;