HTML: ensure hrefs are quoted properly

We may be breaking some parsers or allowing more breakage
to slip through without quotes.  We waste some bytes, though.

diff --git a/lib/PublicInbox/Feed.pm b/lib/PublicInbox/Feed.pm
index 16b860cbde641baee0cdf9bb7dbee9b7c4a948a4..b08bd8837507e51a37d55ec458c23da9cc11a3aa 100644 (file)
--- a/lib/PublicInbox/Feed.pm
+++ b/lib/PublicInbox/Feed.pm
@@ -69,8 +69,8 @@ sub generate_html_index {
        $th->thread;
        my @args = (
                "<html><head><title>$title</title>" .
-               '<link rel=alternate title=Atom.feed href=' .
-               $feed_opts->{atomurl} . ' type="application/atom+xml"/>' .
+               '<link rel=alternate title=Atom.feed href="' .
+               $feed_opts->{atomurl} . '" type="application/atom+xml"/>' .
                '</head><body><pre>');
        push @args, $feed_opts->{midurl};
        dump_html_line($_, 0, \@args) for $th->rootset;
@@ -217,7 +217,7 @@ sub dump_html_line {
                (defined($from) && length($from)) or $from = $from[0]->address;
                $from = escapeHTML($from);
                $subj = escapeHTML($subj);
-               $args->[0] .= "<a href=$url>`-&gt; $subj</a> $from\n";
+               $args->[0] .= "<a href=\"$url.html\">`-&gt; $subj</a> $from\n";
        } else {
                $args->[0] .= "[ Message not available ]\n";
        }

diff --git a/lib/PublicInbox/View.pm b/lib/PublicInbox/View.pm
index 9237f32309e4f0ff3ba908359a01a90ef2cdc86d..7c92cbab7aaf4398b2d5e2d8a4e6a812e655df92 100644 (file)
--- a/lib/PublicInbox/View.pm
+++ b/lib/PublicInbox/View.pm
@@ -83,8 +83,8 @@ sub add_text_body_short {
                                $cur .= shift(@sum) . ' ';
                        } while (@sum && length($cur) < 68);
                        $cur=~ s/ \z/ .../;
-                       "&gt; &lt;<a href=${full_pfx}#q${part_nr}_" . $n++ .
-                               ">$cur<\/a>&gt;";
+                       "&gt; &lt;<a href=\"${full_pfx}#q${part_nr}_" . $n++ .
+                               "\">$cur<\/a>&gt;";
                } else {
                        $cur;
                }
@@ -140,14 +140,15 @@ sub headers_to_html_header {
        my $mid = $simple->header('Message-ID');
        if (defined $mid) {
                my ($html, $href) = trim_message_id($mid);
-               $rv .= "Message-ID: <a href=$href.html>$html</a> ";
-               $rv .= "(<a href=$href.txt>original</a>)\n";
+               $rv .= "Message-ID: &lt;<a href=\"$href.html\">$html</a>&gt; ";
+               $rv .= "(<a href=\"$href.txt\">original</a>)\n";
        }
 
        my $irp = $simple->header('In-Reply-To');
        if (defined $irp) {
                my ($html, $href) = trim_message_id($irp);
-               $rv .= "In-Reply-To: <a href=$href.html>$html</a>\n";
+               $rv .= "In-Reply-To: &lt;";
+               $rv .= "<a href=\"$href.html\">$html</a>&gt;\n";
        }
        $rv .= "\n";
 

diff --git a/t/view.t b/t/view.t
index ad79c413084f9d97726769ea19a3bc4f60fd2e68..ef1b74c940c5dc747a677598ec94daefe7d7f6d8 100644 (file)
--- a/t/view.t
+++ b/t/view.t
@@ -33,7 +33,7 @@ EOF
        my $html = PublicInbox::View->as_html($s);
 
        # ghetto
-       like($html, qr/<a href="?hello%40/s, "MID link present");
+       like($html, qr/<a href="hello%40/s, "MID link present");
        like($html, qr/hello world\b/, "body present");
        like($html, qr/&gt; keep this inline/, "short quoted text is inline");
        like($html, qr/<a name=[^>]+>&gt; Long and wordy/,
@@ -44,7 +44,7 @@ EOF
        my $short = PublicInbox::View->as_html($s, $pfx);
        like($short, qr/\n&gt; keep this inline/,
                "short quoted text is inline");
-       like($short, qr/<a href=\Q$pfx\E#[^>]+>Long and wordy/,
+       like($short, qr/<a href="\Q$pfx\E#[^>]+>Long and wordy/,
                "long quoted text is made into a link");
        ok(length($short) < length($html), "short page is shorter");
 }