如何防止变量中的特殊字符导致html错误

Question

I have a C file which generates an html script. sprintf(buf, " { text: \\\\"%s (%s)\\\\",var1,var2)

and the problem is that var2 is a string like = test>1 . This is being confused as the closing bracket of some other opening angular bracket in the script.

I want the data as such. But I want to know whether it is possible to avoid this issue with the help of some escape character or something.

Answer 1

Just replace those special characters with HTML entities:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static size_t encode_len(const char *s)
{
    size_t len = 0;

    while (*s) {
        if (*s == '&' || *s == '"' || *s == '<' || *s == '>') {
            len += 5;
        } else {
            len += 1;
        }
        s++;
    }
    return len;
}

static char *encode(const char *s)
{
    char *p = malloc(encode_len(s) + 1);
    char *r = p;

    if (p == NULL) {
        perror("malloc");
        exit(EXIT_FAILURE);
    }
    while (*s) {
        switch (*s) {
            case '&': memcpy(p, "&#38;", 5); p += 5; break;
            case '"': memcpy(p, "&#34;", 5); p += 5; break;
            case '<': memcpy(p, "&#60;", 5); p += 5; break;
            case '>': memcpy(p, "&#62;", 5); p += 5; break;
            default: *p++ = *s;
        }
        s++;
    }
    *p = '\0';
    return r;
}

int main(void)
{
    char *demo = "Text &\"<>";
    char *result = encode(demo);

    printf("%s = %s\n", demo, result);
    free(result);
    return 0;
}

Output:

Text &"<> = Text &#38;&#34;&#60;&#62;

Answer 2

If you use the less than or greater than symbol(special characters) in the html file then it will mix them with the tags. So in your case try to use the html entities name to use the special characters to generate your html file.
For reference visit: http://www.w3schools.com/html/html_entities.asp