
changeset 155:511406c0cbbe

Do HTML escape at value editing
author HIROSE Yuuji <yuuji@gentei.org>
date Tue, 05 Jan 2016 18:47:59 +0859
parents 75598f2d3118
children d46bce9072cd
files s4-blog.sh s4-funcs.sh
diffstat 2 files changed, 6 insertions(+), 2 deletions(-) [+]
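--- a/s4-blog.sh
+++ b/s4-blog.sh
@@ -375,7 +375,7 @@
 <tr id="$id">
 <td>${edit:+<a href="$elink+$edit">編集</a>}
 <a href="$hlink+$uid">$uname</a>
-$tm</td><td>`echo "$hte"|unhexize`
+$tm</td><td>`echo "$hte"|unhexize|htmlescape`
 EOF
       for i in $imgids; do
 	mrid=${i%%:*}; i=${i#*:}; sz=`size_h ${i%%:*}`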
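Review bot: `$uname` on the context line just above the changed one is written into the same HTML fragment without going through `htmlescape`, so the new filter covers the unhexized text but not the user name rendered next to it. If user names can contain `<`, `&` or quotes (where `$uname` is set is not visible here), it should take the same path, e.g. `uname_h=$(printf '%s' "$uname" | htmlescape)` before the here-document and `<a href="$hlink+$uid">$uname_h</a>` in it. The here-document these lines belong to starts outside the hunk.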
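--- a/s4-funcs.sh
+++ b/s4-funcs.sh
@@ -723,6 +723,10 @@
 percenthex() {
   hexize $1 | sed 's/\(..\)/%\1/g'
 }
+htmlescape() {
+  sed -e 's/\&/\&amp;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g" \
+      -e "s/</\&lt;/g; s/>/\&gt;/g"
+}
 enascii() {
   if [ -z "$enascii" ]; then
     if type kakasi >/dev/null 2>&1; then
@@ -2447,7 +2451,7 @@
     form="" val=""
     if [ -n "$rowid" ]; then
       # err genform2a: Seeking for "$2.$name, type=$type"
-      val=`getvalbyid $2 $name $rowid $td`
+      val=`getvalbyid $2 $name $rowid $td|htmlescape`
 err genform3a: getvalbyid $2 $name $rowid $td
 err genform3b: val="[$val]"
     fi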
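Review bot: The new `htmlescape` in the first hunk emits `&apos;` for a single quote, which is an XML/XHTML entity and is not defined in HTML 4.01, so a browser parsing the output as plain HTML may render the literal text `&apos;`; the numeric reference is understood by every HTML and XML flavour: `-e "s/'/\&#39;/g"`. The ordering of the substitutions is right (`&` is rewritten first, so the entities introduced afterwards are not double-escaped), which is worth stating in a comment above the function, e.g. `# Escape text for HTML output; & must be replaced before the other entities.` In the second hunk the pipe into `htmlescape` means the backtick assignment now reports sed's status rather than `getvalbyid`'s, which only matters if a caller inspects `$?` after that line — probably harmless, but noting that the value is stored raw and escaped only on the way into the form would help the next reader.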