NAME
cgiEscape - HTML escape certain characters in a string
SYNOPSIS
#include <cgi.h>
char *cgiEscape (char *string);
DESCRIPTION
This function returns a pointer to a sanitised copy of string in which the
characters <, & and > have been replaced by the corresponding HTML entities,
so that a user supplied string is rendered as text rather than interpreted as
markup by the browser. The copy is dynamically allocated and should be passed
to free(3) once it is no longer needed. This routine is meant to be called on
every user provided string before it is written back to the browser.

Only those three characters are converted. Double and single quotes are left
untouched, so the result is safe as the text content of an element but not as
the value of a quoted attribute, inside a <script> block or as part of a URL;
output placed in those contexts needs escaping appropriate to that context in
addition to, or instead of, cgiEscape().
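The following is an added example and is not part of cgilib; html_escape()
and contains_raw_quote() are hypothetical helpers written here to show why
converting only <, & and > is enough for element text but not for a quoted
attribute value. The first call escapes the same three characters as
cgiEscape() is documented to; the second additionally escapes quotes. Both
return a newly allocated string, or NULL on error, which the caller frees.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* html_escape: hypothetical helper, not cgilib's cgiEscape().
 * Returns a malloc'd copy of s in which '<', '>' and '&' are replaced by
 * entities. When quotes != 0, '"' and '\'' are replaced as well so the
 * result is also safe inside a quoted attribute value. Returns NULL on
 * NULL input or allocation failure. The caller must free() the result. */
char *html_escape(const char *s, int quotes)
{
    static const char *lt = "&lt;", *gt = "&gt;", *amp = "&amp;",
                      *quot = "&quot;", *apos = "&#39;";
    size_t len = 0;
    const char *p;
    char *out, *o;

    if (s == NULL)
        return NULL;

    /* First pass: compute the exact output length so the second pass
     * can never write past the end of the buffer. */
    for (p = s; *p; p++) {
        switch (*p) {
        case '<':  len += strlen(lt); break;
        case '>':  len += strlen(gt); break;
        case '&':  len += strlen(amp); break;
        case '"':  len += quotes ? strlen(quot) : 1; break;
        case '\'': len += quotes ? strlen(apos) : 1; break;
        default:   len += 1;
        }
    }

    out = malloc(len + 1);
    if (out == NULL)
        return NULL;

    /* Second pass: copy, substituting entities. */
    for (p = s, o = out; *p; p++) {
        const char *rep = NULL;
        switch (*p) {
        case '<':  rep = lt; break;
        case '>':  rep = gt; break;
        case '&':  rep = amp; break;
        case '"':  if (quotes) rep = quot; break;
        case '\'': if (quotes) rep = apos; break;
        }
        if (rep) {
            size_t n = strlen(rep);
            memcpy(o, rep, n);
            o += n;
        } else {
            *o++ = *p;
        }
    }
    *o = '\0';
    return out;
}

/* contains_raw_quote: returns 1 if the escaped string still holds a
 * literal double quote, i.e. dropping it into value="..." would close
 * the attribute early and let the rest be parsed as new attributes. */
int contains_raw_quote(const char *escaped)
{
    return escaped != NULL && strchr(escaped, '"') != NULL;
}

int main(void)
{
    /* Constructed sample input standing in for an attacker-controlled
     * form field. */
    const char *input = "\" onmouseover=\"alert(1)\" x=\"<b>&";
    char *text_only = html_escape(input, 0);   /* what cgiEscape() does */
    char *attr_safe = html_escape(input, 1);   /* quotes escaped as well */

    if (text_only == NULL || attr_safe == NULL) {
        free(text_only);
        free(attr_safe);
        return 1;
    }

    printf("text context : <p>%s</p>\n", text_only);
    printf("attr context : <input value=\"%s\">\n", attr_safe);
    printf("raw quote left by three-character escaping: %s\n",
           contains_raw_quote(text_only) ? "yes, attribute broken" : "no");

    free(text_only);
    free(attr_safe);
    return 0;
}
```

The three-character form is exactly what a text-content escaper needs; the
point of the second form is that the context in which the string is written
decides which characters are dangerous, not the string itself.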
RETURN VALUE
cgiEscape() returns a pointer to the sanitised string, or NULL in case of
error. Callers must check for NULL before using the result.
AUTHOR
This CGI library is written by Martin Schulze <joey@infodrom.org>. If you
have additions or improvements please get in touch with him.
SEE ALSO
free(3).