From 4ce5f34163756f39fefa5114c87922999e9d6320 Mon Sep 17 00:00:00 2001
From: Ben Bridle <bridle.benjamin@gmail.com>
Date: Tue, 11 Feb 2025 12:13:40 +1300
Subject: URL-encode special characters in unsanitized paths

Unlike for internal links, external links are never sanitized. When an
external link contained an apostrophe or a double-quote character, it
would prematurely terminate the href property of the containing <a> tag
and break the link.

Paths in internal and external links are now passed through a new
url_encode function, which replaces quote characters with the
percent-encoded equivalent.
---
 src/generate_html.rs |  2 ++
 src/main.rs          | 12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/generate_html.rs b/src/generate_html.rs
index 91424eb..e6bb86f 100644
--- a/src/generate_html.rs
+++ b/src/generate_html.rs
@@ -344,6 +344,7 @@ fn parse_internal_link(name: &str, page: &Page, website: &Website) -> ParsedLink
             warn!("Page {from:?} contains link to nonexistent internal heading {heading:?}");
         }
     }
+    let path = url_encode(&path);
     ParsedLink { path, class, label }
 }
 
@@ -375,6 +376,7 @@ fn parse_external_link(label: &str, path: &str, page: &Page, website: &Website)
             };
         }
     }
+    let path = url_encode(&path);
     let label = sanitize_text(&label, true);
     ParsedLink { path, class: "external", label }
 }
diff --git a/src/main.rs b/src/main.rs
index dc432ad..1ea25d2 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -167,4 +167,14 @@ pub fn make_url_safe(text: &str) -> String {
     .collect()
 }
 
-
+pub fn url_encode(text: &str) -> String {
+    let mut output = String::new();
+    for c in text.chars() {
+        match c {
+            '"' => output.push_str("%22"),
+            '\'' => output.push_str("%27"),
+            _ => output.push(c),
+        }
+    }
+    return output;
+}
-- 
cgit v1.2.3-70-g09d2