Commit Diff


commit - d5d6368fec7b23d11d7729deb2291eb9c7751b58
commit + cf0bb562ad08cfea921890bb5060eb1cd68f8023
blob - 485217105ae3a1a63d324452005e02bc2b69ad86
blob + af3c3a201f0e3bd08abcc34e2f0ae026d7a46724
--- cgi.c
+++ cgi.c
@@ -375,29 +375,37 @@ cgi_csrf_check(const char *form_token)
 void
 cgi_html_escape(const char *s)
 {
+	const char *safe = s;
+
 	while (*s != '\0') {
+		const char *entity = NULL;
 		switch (*s) {
 		case '&':
-			fputs("&", stdout);
+			entity = "&";
 			break;
 		case '<':
-			fputs("&lt;", stdout);
+			entity = "&lt;";
 			break;
 		case '>':
-			fputs("&gt;", stdout);
+			entity = "&gt;";
 			break;
 		case '"':
-			fputs("&#34;", stdout);
+			entity = "&#34;";
 			break;
 		case '\'':
-			fputs("&#39;", stdout);
+			entity = "&#39;";
 			break;
-		default:
-			fputc(*s, stdout);
-			break;
 		}
+		if (entity != NULL) {
+			if (s > safe)
+				fwrite(safe, 1, (size_t)(s - safe), stdout);
+			fputs(entity, stdout);
+			safe = s + 1;
+		}
 		s++;
 	}
+	if (s > safe)
+		fwrite(safe, 1, (size_t)(s - safe), stdout);
 }
 
 /*
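Review bot: As shown on this page, the `case '&':` branch sets `entity = "&";`, so an ampersand is written out unescaped while the other four characters get real entities; unless that is an artifact of how this page renders the literal, the line should read `entity = "&amp;";`. With a bare `&`, input such as `&lt;` reaches the browser as a live entity reference and is decoded there, so text the caller meant to show literally is displayed as something else. The removed `fputs` line shows the same literal, so this looks carried over rather than introduced by the change. Separately, a one-line comment on `safe` such as `/* start of the pending run of bytes that need no escaping */` would make the flush logic easier to follow, and an explicit `default: break;` would keep the `switch` self-documenting now that the fallthrough case is gone.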