Oops :x Add an additional test for live data for any
unprintable characters, too, since this could be a dangerous
source of HTML injection.
$v = PublicInbox::Hval->new($v);
if ($h eq 'From') {
- $title[1] = PublicInbox::Address::from_name($v->raw);
+ my $n = PublicInbox::Address::from_name($v->raw);
+ $title[1] = ascii_html($n);
} elsif ($h eq 'Subject') {
$title[0] = $v->as_html;
if ($srch) {
use POSIX qw(:sys_wait_h);
use Time::HiRes qw(gettimeofday tv_interval);
use WWW::Mechanize;
+use Data::Dumper;
my $nproc = 4;
my $slow = 0.5;
my %opts = (
my $n = length($l);
die "$$ send truncated $s < $n\n" if $s != $n;
}
+
+ # make sure the HTML source doesn't screw up terminals
+ # when people curl the source (not remotely an expert
+ # on languages or encodings, here).
+ next if $r->header('Content-Type') !~ m!\btext/html\b!;
+ my $dc = $r->decoded_content;
+ if ($dc =~ /([\x00-\x08\x0d-\x1f\x7f-\x{99999999}]+)/s) {
+ my $o = $1;
+ my $c = Dumper($o);
+ warn "bad: $u $c\n";
+ }
}
}