From 4ce5f34163756f39fefa5114c87922999e9d6320 Mon Sep 17 00:00:00 2001
From: Ben Bridle <bridle.benjamin@gmail.com>
Date: Tue, 11 Feb 2025 12:13:40 +1300
Subject: URL-encode special characters in unsanitized paths

Unlike internal links, external links are never sanitized. When an
external link contained an apostrophe or a double-quote character, that
character would prematurely terminate the href attribute of the
containing <a> tag and break the link.

Paths in internal and external links are now passed through a new
url_encode function, which replaces quote characters with their
percent-encoded equivalents.
---
 src/generate_html.rs | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/generate_html.rs')

diff --git a/src/generate_html.rs b/src/generate_html.rs
index 91424eb..e6bb86f 100644
--- a/src/generate_html.rs
+++ b/src/generate_html.rs
@@ -344,6 +344,7 @@ fn parse_internal_link(name: &str, page: &Page, website: &Website) -> ParsedLink
             warn!("Page {from:?} contains link to nonexistent internal heading {heading:?}");
         }
     }
+    let path = url_encode(&path);
     ParsedLink { path, class, label }
 }
 
@@ -375,6 +376,7 @@ fn parse_external_link(label: &str, path: &str, page: &Page, website: &Website)
             };
         }
     }
+    let path = url_encode(&path);
     let label = sanitize_text(&label, true);
     ParsedLink { path, class: "external", label }
 }
-- 
cgit v1.2.3-70-g09d2