# HG changeset patch # User Mike Becker # Date 1779358056 -7200 # Node ID 7c9dfe5b49b52c1258b2fd064c67eac0598518df # Parent bb0fc7994d2f1e4106efd30c323f311dd5cb13ca fix insufficient HTML escaping in the pop-ups fixes #847
diff -r bb0fc7994d2f -r 7c9dfe5b49b5 CHANGELOG
--- a/CHANGELOG Thu Mar 12 12:09:03 2026 +0100
+++ b/CHANGELOG Thu May 21 12:07:36 2026 +0200
@@ -1,3 +1,7 @@
+Version 1.2.1 - 2026-05-21
+
+- Fix insufficient HTML escaping in the pop-ups
+
 Version 1.2.0 - 2026-03-12
 - Add --styles-and-script option to output the default CSS and Javascript
diff -r bb0fc7994d2f -r 7c9dfe5b49b5 Makefile
--- a/Makefile Thu Mar 12 12:09:03 2026 +0100
+++ b/Makefile Thu May 21 12:07:36 2026 +0200
@@ -21,7 +21,7 @@
 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-VERSION=1.2.0
+VERSION=1.2.1
 all: compile FORCE
diff -r bb0fc7994d2f -r 7c9dfe5b49b5 src/html.cpp
--- a/src/html.cpp Thu Mar 12 12:09:03 2026 +0100
+++ b/src/html.cpp Thu May 21 12:07:36 2026 +0200
@@ -96,27 +96,12 @@
 return buffer;
 }
- static std::string escape_json(const std::string &raw) {
- using std::string_view_literals::operator ""sv;
- auto replace_all = [](std::string str, char chr, std::string_view repl) static {
- size_t pos = str.find(chr);
- if (pos == std::string::npos) return str;
- std::string result = std::move(str);
- do {
- result.replace(pos, 1, repl);
- pos += repl.length();
- } while ((pos = result.find(chr, pos)) != std::string::npos);
- return result;
- };
- return replace_all(replace_all(raw, '\\', "\\\\"), '\"', "\\\""sv);
- }
-
 static std::string build_tag_list(fm::tag_lists tags, bool hide_repo_names) {
 std::string tags_json;
 if (hide_repo_names) {
 for (const auto &tags_vector: tags | std::views::values) {
 for (const auto &tag: tags_vector) {
- tags_json += escape_json(tag.message);
+ tags_json += encode(tag.message);
 tags_json += ' ';
 }
 }
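Review bot: Removing `escape_json` leaves backslashes unescaped in the JSON string literals built in `build_tag_list`, unless `encode` (defined above this hunk and not visible here) also handles `\`. HTML-encoding and JSON-escaping guard different contexts: a tag message or repository name ending in `\` would consume the closing quote and corrupt the object the pop-up script reads. I would keep the helper and compose the two, e.g. `tags_json += escape_json(encode(tag.message));`, with the nesting order chosen by where the JSON ends up (script block or attribute), which the diff does not show. The same applies to every other `encode(...)` substitution in this file (hunks at -126, -151, -162, -516, -582 and -596), and `build_tag_list` continues past the end of this hunk. A regression test feeding `\`, `"`, `<` and `&` through a repository name and a commit message would pin the behaviour.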
@@ -126,9 +111,9 @@
 } else {
 tags_json += '{';
 for (const auto &[repo, tags_vector] : tags) {
- tags_json += "\"" + escape_json(repo) + "\":\"";
+ tags_json += "\"" + encode(repo) + "\":\"";
 for (const auto &tag: tags_vector) {
- tags_json += escape_json(tag.message);
+ tags_json += encode(tag.message);
 tags_json += ' ';
 }
 if (!tags_vector.empty()) {
@@ -151,7 +136,7 @@
 for (const auto &tags_vector: tags | std::views::values) {
 for (const auto &tag: tags_vector) {
 tags_json += '"';
- tags_json += escape_json(tag);
+ tags_json += encode(tag);
 tags_json += "\",";
 }
 }
@@ -162,10 +147,10 @@
 } else {
 tags_json += '{';
 for (const auto &[repo, tags_vector] : tags) {
- tags_json += "\"" + escape_json(repo) + "\":[";
+ tags_json += "\"" + encode(repo) + "\":[";
 for (const auto &tag: tags_vector) {
 tags_json += '"';
- tags_json += escape_json(tag);
+ tags_json += encode(tag);
 tags_json += "\",";
 }
 if (!tags_vector.empty()) {
@@ -516,7 +501,7 @@
 std::string commit_summary_json;
 commit_summary_json += '{';
 for (const auto &[repo, count] : summary.commits) {
- commit_summary_json += std::format("\"{}\": {},", escape_json(repo), count);
+ commit_summary_json += std::format("\"{}\": {},", encode(repo), count);
 }
 if (!summary.commits.empty()) {
 commit_summary_json.pop_back();
@@ -582,7 +567,7 @@
 auto add_summaries = [](std::string &json, const std::vector &summaries) static {
 // We have to iterate in reverse order to sort the summaries chronologically
 for (const auto &summary : summaries | std::views::reverse) {
- json += "\"" + escape_json(summary.message) + "\",";
+ json += "\"" + encode(summary.message) + "\",";
 }
 json.pop_back();
 };
@@ -596,7 +581,7 @@
 } else {
 summaries_json += '{';
 for (const auto &[repo, summaries] : commits.summaries) {
- summaries_json += "\"" + escape_json(repo) + "\":[";
+ summaries_json += "\"" + encode(repo) + "\":[";
 add_summaries(summaries_json, summaries);
 summaries_json += "],";
 }
diff -r bb0fc7994d2f -r 7c9dfe5b49b5 src/main.cpp
--- a/src/main.cpp Thu Mar 12 12:09:03 2026 +0100
+++ b/src/main.cpp Thu May 21 12:07:36 2026 +0200
@@ -39,7 +39,7 @@
 using namespace std::chrono;
-static constexpr auto program_version = "1.2.0";
+static constexpr auto program_version = "1.2.1";
 static void print_help() {
 fputs(