From 754da6e8d885bbfea430751cb0252f11deaf0e1a Mon Sep 17 00:00:00 2001
From: steve donovan <steve.j.donovan@gmail.com>
Date: Thu, 13 Dec 2012 19:18:24 +0200
Subject: [PATCH] usage strings were not HTML-escaped properly (Eric)

---
 ldoc/html.lua          | 5 +++++
 ldoc/html/ldoc_ltp.lua | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/ldoc/html.lua b/ldoc/html.lua
index beee74b..d78a170 100644
--- a/ldoc/html.lua
+++ b/ldoc/html.lua
@@ -34,9 +34,14 @@ local function cleanup_whitespaces(text)
     return table.concat(lines, "\n")
 end
 
+local escape_table = { ["'"] = "&apos;", ["\""] = "&quot;", ["<"] = "&lt;", [">"] = "&gt;", ["&"] = "&amp;" }
+
 function html.generate_output(ldoc, args, project)
    local check_directory, check_file, writefile = tools.check_directory, tools.check_file, tools.writefile
 
+   function ldoc.escape(str)
+      return (str:gsub("['&<>\"]", escape_table))
+   end
 
    -- this generates the internal module/function references
    function ldoc.href(see)
diff --git a/ldoc/html/ldoc_ltp.lua b/ldoc/html/ldoc_ltp.lua
index cf1e2eb..a9fc310 100644
--- a/ldoc/html/ldoc_ltp.lua
+++ b/ldoc/html/ldoc_ltp.lua
@@ -96,7 +96,7 @@ return [==[
     <h3>Usage:</h3>
     <ul>
 #     for usage in iter(module.usage) do
-        $(li)<pre class="example">$(usage)</pre>$(il)
+        $(li)<pre class="example">$(ldoc.escape(usage))</pre>$(il)
 #     end -- for
     </ul>
 #   end -- if usage
@@ -155,7 +155,7 @@ return [==[
     <h3>Usage:</h3>
     <ul>
 #     for usage in iter(item.usage) do
-        $(li)<pre class="example">$(usage)</pre>$(il)
+        $(li)<pre class="example">$(ldoc.escape(usage))</pre>$(il)
 #     end -- for
     </ul>
 #   end -- if usage