From 4ce5f34163756f39fefa5114c87922999e9d6320 Mon Sep 17 00:00:00 2001
From: Ben Bridle
Date: Tue, 11 Feb 2025 12:13:40 +1300
Subject: URL-encode special characters in unsanitized paths

Unlike for internal links, external links are never sanitized. When an external link contained an apostrophe or a double-quote character, it would prematurely terminate the href property of the containing tag and break the link. Paths in internal and external links are now passed through a new url_encode function, which replaces quote characters with the percent-encoded equivalent.
---
 src/main.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'src/main.rs')

diff --git a/src/main.rs b/src/main.rs
index dc432ad..1ea25d2 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -167,4 +167,14 @@ pub fn make_url_safe(text: &str) -> String {
 .collect()
 }
 
-
+pub fn url_encode(text: &str) -> String {
+ let mut output = String::new();
+ for c in text.chars() {
+ match c {
+ '"' => output.push_str("%22"),
+ '\'' => output.push_str("%27"),
+ _ => output.push(c),
+ }
+ }
+ return output;
+}
-- cgit v1.2.3-70-g09d2
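Review bot: `url_encode` escapes only `"` and `'`, so its safety depends on every caller writing the result inside a quoted `href` value; whitespace, `<`, `>` and control characters pass through unchanged, and the name suggests a full percent-encoder. If that narrow contract is intended, state it in a doc comment, e.g. `/// Percent-encodes only the quote characters so the path cannot close a quoted href attribute; not a general URL encoder, and existing % sequences are left untouched.` Otherwise extend the match with arms such as `'<' => output.push_str("%3C"),`, `'>' => output.push_str("%3E"),` and `' ' => output.push_str("%20"),`. The call sites are not in this hunk, so whether the attribute is always quoted and whether the link scheme is restricted could not be checked here. The trailing `return output;` can be the bare expression `output`.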