contrib/collection3: Ignore control characters.

While they are correctly encoded, e.g. as "", browsers will
complain about invalid XML and not render the page. Ignore all control
characters other than whitespace.

diff --git a/contrib/collection3/bin/index.cgi b/contrib/collection3/bin/index.cgi
index 027961f..4723af9 100755 (executable)
--- a/contrib/collection3/bin/index.cgi
+++ b/contrib/collection3/bin/index.cgi
@@ -240,6 +240,28 @@ HTML
   $html_started = 0;
 }
 
+sub contains_invalid_chars
+{
+  my $str = shift;
+
+  for (split (m//, $str))
+  {
+    my $n = ord ($_);
+
+    # Whitespace is allowed.
+    if (($n >= 9) && ($n <= 13))
+    {
+      next;
+    }
+    elsif ($n < 32)
+    {
+      return (1);
+    }
+  }
+
+  return;
+}
+
 sub show_selector
 {
   my $timespan_selection = get_timespan_selection ();
@@ -254,6 +276,7 @@ sub show_selector
 HTML
   for (sort (keys %$host_selection))
   {
+    next if contains_invalid_chars ($_);
     my $host = encode_entities ($_);
     my $selected = $host_selection->{$_}
     ? ' selected="selected"'
@@ -266,6 +289,7 @@ HTML
 HTML
   for (sort (keys %$plugin_selection))
   {
+    next if contains_invalid_chars ($_);
     my $plugin = encode_entities ($_);
     my $selected = $plugin_selection->{$_}
     ? ' selected="selected"'
@@ -278,6 +302,7 @@ HTML
 HTML
   for (sort { $TimeSpans->{$a} <=> $TimeSpans->{$b} } (keys (%$TimeSpans)))
   {
+    next if contains_invalid_chars ($_);
     my $name = encode_entities ($_);
     my $value = $TimeSpans->{$_};
     my $selected = ($value == $timespan_selection)
@@ -304,6 +329,7 @@ sub action_list_hosts
   for (sort @hosts)
   {
     my $url = encode_entities (script_name () . "?action=show_selection;hostname=$_");
+    next if contains_invalid_chars ($_);
     my $name = encode_entities ($_);
     print qq#      <li><a href="$url">$name</a></li>\n#;
   }