URL-fragment strings can only contain certain characters.

Fixing HTML syntax violations e.g. in pf.conf(5) and ifconfig(8) reported by Anton Lazarov <lists at wrant dot com>.
author: Ingo Schwarze <schwarze@openbsd.org> 2018-05-28 14:13:36 +0000
committer: Ingo Schwarze <schwarze@openbsd.org> 2018-05-28 14:13:36 +0000
commit: 775c3bccc761984b2467351e71754f1343fb0cef (patch)
tree: 11de01c0a01f50f4c89ee27a35deae7188e7707a /html.c
parent: 3ab9de080de77988b081d3524f26713a344fe02f (diff)
download: mandoc-775c3bccc761984b2467351e71754f1343fb0cef.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/html.c b/html.c
index 1a17bd9d..8543a635 100644
--- a/html.c
+++ b/html.c
@@ -287,10 +287,16 @@ html_make_id(const struct roff_node *n, int unique)
 	if (buf == NULL)
 		return NULL;
 
-	/* http://www.w3.org/TR/html5/dom.html#the-id-attribute */
+	/*
+	 * In ID attributes, only use ASCII characters that are
+	 * permitted in URL-fragment strings according to the
+	 * explicit list at:
+	 * https://url.spec.whatwg.org/#url-fragment-string
+	 */
 
 	for (cp = buf; *cp != '\0'; cp++)
-		if (*cp == ' ')
+		if (isalnum((unsigned char)*cp) == 0 &&
+		    strchr("!$&'()*+,-./:;=?@_~", *cp) == NULL)
 			*cp = '_';
 
 	if (unique == 0)
author	Ingo Schwarze <schwarze@openbsd.org>	2018-05-28 14:13:36 +0000
committer	Ingo Schwarze <schwarze@openbsd.org>	2018-05-28 14:13:36 +0000
commit	775c3bccc761984b2467351e71754f1343fb0cef (patch)
tree	11de01c0a01f50f4c89ee27a35deae7188e7707a /html.c
parent	3ab9de080de77988b081d3524f26713a344fe02f (diff)
download	mandoc-775c3bccc761984b2467351e71754f1343fb0cef.tar.gz