* The empty string in the second argument leads to a syntax error
   * when the macro is not used with a string literal. Unfortunately
   * the error is not overly explicit.
   */

/* BLOB_APPEND_BLOB -- append blob contents to another */
#define BLOB_APPEND_BLOB(dest, src) \
  safe_html_append((dest), blob_buffer(src), blob_size(src))


/* HTML escapes
**
** html_escape() converts < to &lt;, > to &gt;, and & to &amp;.
** html_quote() goes further and converts " into &quot; and ' in &#39;.
*/

   && sqlite3_strnicmp("</h1>", &data[size-5],5)==0
  ){
    int nTag = html_tag_length(data);
    blob_append(title, data+nTag, size - nTag - 5);
    return;
  }
  INTER_BLOCK(ob);
  safe_html_append(ob, data, size);
  BLOB_APPEND_LITERAL(ob, "\n");
}

static void html_blockcode(struct Blob *ob, struct Blob *text, void *opaque){
  INTER_BLOCK(ob);
  BLOB_APPEND_LITERAL(ob, "<pre><code>");
  html_escape(ob, blob_buffer(text), blob_size(text));

    html_to_plaintext(blob_str(&in), &out);
    blob_reset(&in);
    fossil_puts(blob_str(&out), 0);
    blob_reset(&out);
  }
}

/****************************************************************************
** safe-html:
**
** An interface for preventing HTML constructs (ex: <style>, <form>, etc)
** from being inserted into Wiki and Forum posts using Markdown.   See the
** comment on safe_html_append() for additional information on what is meant
** by "safe".
**
** The safe-html restrictions only apply to Markdown, as Fossil-Wiki only
** allows safe-html by design - unsafe-HTML is never and has never been
** allowed in Fossil-Wiki.
**
** This code is in the wikiformat.c file so that it can have access to the
** white-list of acceptable HTML in the aMarkup[] array.
*/

/*
** An instance of this object keeps track of the nesting of HTML
** elements for safe_html_append().
*/

typedef struct HtmlTagStack HtmlTagStack;
struct HtmlTagStack {
  int n;                /* Current tag stack depth */
  int nAlloc;           /* Space allocated for aStack[] */
  int *aStack;          /* The stack of tags */
  int aSpace[10];       /* Initial static space, to avoid malloc() */
};


/*
** Initialize bulk memory to a valid empty tagstack.
*/
static void html_tagstack_init(HtmlTagStack *p){
  p->n = 0;
  p->nAlloc = 0;
  p->aStack = p->aSpace;
}

/*
** Push a new element onto the tag statk
*/
static void html_tagstack_push(HtmlTagStack *p, int e){
  if( p->n>=ArraySize(p->aSpace) && p->n>=p->nAlloc ){
    if( p->nAlloc==0 ){
      int *aNew;
      p->nAlloc = 50;
      aNew = fossil_malloc( sizeof(p->aStack[0])*p->nAlloc );
      memcpy(aNew, p->aStack, sizeof(p->aStack[0])*p->n );
      p->aStack = aNew;
    }else{
      p->nAlloc *= 2;
      p->aStack = fossil_realloc(p->aStack, sizeof(p->aStack[0])*p->nAlloc );
    }
  }
  p->aStack[p->n++] = e;
}

/*
** Clear a tag stack, reclaiming any memory allocations.
*/
static void html_tagstack_clear(HtmlTagStack *p){
  if( p->nAlloc ){
    fossil_free(p->aStack);
    p->nAlloc = 0;
    p->aStack = p->aSpace;
  }
  p->n = 0;
}

/*
** The HTML end-tag eEnd wants to be added to pBlob.
**
** If an open-tag for eEnd exists anywhere on the stack, then
** pop it and all prior elements from the task, issuing appropriate
** end-tags as you go.
**
** If there is no open-tag for eEnd on the stack, then this
** routine is a no-op.
*/
static void html_tagstack_pop(HtmlTagStack *p, Blob *pBlob, int eEnd){
  int i, e;
  if( eEnd!=0 ){
    for(i=p->n-1; i>=0 && p->aStack[i]!=eEnd; i--){}
    if( i<0 ){
      blob_appendf(pBlob, "<span class='error'>&lt;/%s&gt;</span>",
                   aMarkup[eEnd].zName);
      return;

** Append HTML text to a Blob object.  The appended text is modified
** changed in the following ways:
**
**    1.  Omit any elements that are not on the AllowedMarkup list.
**
**    2.  Omit any attributes that are not on the AllowedMarkup list.
**
**    3.  Omit any surplus close-tags.  (This prevents a surplus </div>
**        or </body> or similar element from interferring with formatting
**        of the outer context in which the HTML is being inserted.)
**
**    4.  Insert additional close-tags as necessary so that any
**        tag in the input that needs a close-tag has one.  (This prevents
**        the inserted HTML from messing up the formatting of subsequent
**        sections of the document into which it is being inserted.)
**
** The input must be writable.  Temporary changes may be made to the
** input, but the input is restored to its original state prior to
** returning.  If zHtml[nHtml] is not a zero character, then a zero
** might be written in that position temporarily, but that slot will
** also be restored before this routine returns.
*/
void safe_html_append(Blob *pBlob, char *zHtml, int nHtml){
  char cLast;
  int i, j, n;
  HtmlTagStack s;
  ParsedMarkup markup;

  if( nHtml<=0 ) return;
  cLast = zHtml[nHtml];

/*
** COMMAND: test-safe-html
**
** Usage: %fossil test-safe-html FILE ...
**
** Read files named on the command-line.  Send the text of each file
** through safe_html_append() and then write the result on
** standard output.
*/
void test_safe_html_cmd(void){
  int i;
  Blob x;
  Blob y;
  for(i=2; i<g.argc; i++){
    char *z;
    int n;
    blob_read_from_file(&x, g.argv[i], ExtFILE);
    blob_init(&y, 0, 0);
    blob_terminate(&x);
    safe_html_append(&y, blob_buffer(&x), blob_size(&x));
    blob_reset(&x);
    z = blob_str(&y);
    n = blob_size(&y);
    while( n>0 && (z[n-1]=='\n' || z[n-1]=='\r') ) n--;
    fossil_print("%.*s\n", n, z);
    blob_reset(&y);
  }
}