[pkgsrc/trunk]: pkgsrc/mk/scripts mk/scripts: fix a few of the HTML injection...

[rillig <rillig%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/35a23028453c
branches:  trunk
changeset: 431194:35a23028453c
user:      rillig <rillig%pkgsrc.org@localhost>
date:      Sun May 10 07:48:10 2020 +0000

description:
mk/scripts: fix a few of the HTML injections in README generation

These are needed for the djb-errno-hack option, which includes the <>
characters.

diffstat:

 mk/scripts/genreadme.awk   |   9 +++++++--
 mk/scripts/htmloptions.awk |  11 +++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diffs (61 lines):

diff -r 4b2509d052cc -r 35a23028453c mk/scripts/genreadme.awk
--- a/mk/scripts/genreadme.awk  Sun May 10 07:10:39 2020 +0000
+++ b/mk/scripts/genreadme.awk  Sun May 10 07:48:10 2020 +0000
@@ -1,5 +1,5 @@
 #!/usr/bin/awk -f
-# $NetBSD: genreadme.awk,v 1.38 2018/08/22 20:48:37 maya Exp $
+# $NetBSD: genreadme.awk,v 1.39 2020/05/10 07:48:10 rillig Exp $
 #
 # Copyright (c) 2002, 2003, 2005, 2006, 2015 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -397,7 +397,7 @@
                                gsub(/%%VULNERABILITIES%%/, ""vul"");
                                gsub(/%%VULDATE%%/, ""vuldate"");
                                gsub(/%%RUN_DEPENDS%%/, ""rundeps"");
-                               gsub(/%%OPTIONS%%/, ""options[toppkg]"");
+                               gsub(/%%OPTIONS%%/, escape_re_replacement(""options[toppkg]""));
 
                                line = $0;
 
@@ -684,6 +684,11 @@
        return(reg);
 }
 
+function escape_re_replacement(s) {
+       gsub(/&/, "\\\\\\&", s);
+       return s;
+}
+
 #
 # take a string which has a shell glob pattern and turn it into
 # an awk regular expression.
diff -r 4b2509d052cc -r 35a23028453c mk/scripts/htmloptions.awk
--- a/mk/scripts/htmloptions.awk        Sun May 10 07:10:39 2020 +0000
+++ b/mk/scripts/htmloptions.awk        Sun May 10 07:48:10 2020 +0000
@@ -1,5 +1,5 @@
 #!/usr/bin/awk -f
-# $NetBSD: htmloptions.awk,v 1.2 2018/08/22 20:48:37 maya Exp $
+# $NetBSD: htmloptions.awk,v 1.3 2020/05/10 07:48:10 rillig Exp $
 #
 # Copyright (c) 2015 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -32,7 +32,7 @@
 
 /^\t/ {
        o++;
-       printf "<dt>%s</dt><dd>%s</dd>", $2, $3;
+       printf "<dt>%s</dt><dd>%s</dd>\n", escape_html($2), escape_html($3);
 }
 
 /^These options are/ {
@@ -49,3 +49,10 @@
                printf "<dt><em>(none)</em></dt>";
        }
 }
+
+function escape_html(s) {
+       gsub(/&/, "\\&amp;", s);
+       gsub(/</, "\\&lt;", s);
+       gsub(/>/, "\\&gt;", s);
+       return s;
+}