chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
522795e
)
journal: properly HTML escape more output in browse.html
author
Lennart Poettering
<lennart@poettering.net>
Wed, 10 Oct 2012 21:14:32 +0000
(23:14 +0200)
committer
Lennart Poettering
<lennart@poettering.net>
Wed, 10 Oct 2012 21:14:32 +0000
(23:14 +0200)
src/journal/browse.html
patch
|
blob
|
history
diff --git
a/src/journal/browse.html
b/src/journal/browse.html
index 362611b1c22a3aa26b79648e99d259ae74af1b21..f16e346d90d9e737a1a28d6b6f61cd17fa2076dd 100644
(file)
--- a/
src/journal/browse.html
+++ b/
src/journal/browse.html
@@
-81,9
+81,10
@@
<body>
<!-- TODO:
<body>
<!-- TODO:
-
- - show red lines for reboots
- - show contents of entries -->
+ - live display
+ - keyboard navigation
+ - localstorage
+ - show red lines for reboots -->
<h1 id="title"></h1>
<h1 id="title"></h1>
@@
-189,8
+190,8
@@
var d = JSON.parse(event.currentTarget.responseText);
var title = document.getElementById("title");
var d = JSON.parse(event.currentTarget.responseText);
var title = document.getElementById("title");
- title.innerHTML = 'Journal of ' +
d.hostname
;
- document.title = 'Journal of ' +
d.hostname
;
+ title.innerHTML = 'Journal of ' +
escapeHTML(d.hostname)
;
+ document.title = 'Journal of ' +
escapeHTML(d.hostname)
;
var machine = document.getElementById("machine");
machine.innerHTML = 'Machine ID is <b>' + d.machine_id + '</b>, current boot ID is <b>' + d.boot_id + '</b>.';
var machine = document.getElementById("machine");
machine.innerHTML = 'Machine ID is <b>' + d.machine_id + '</b>, current boot ID is <b>' + d.boot_id + '</b>.';
@@
-204,10
+205,10
@@
usage.innerHTML = 'Disk usage is <b>' + formatBytes(parseInt(d.usage)) + '</b>.';
var os = document.getElementById("os");
usage.innerHTML = 'Disk usage is <b>' + formatBytes(parseInt(d.usage)) + '</b>.';
var os = document.getElementById("os");
- os.innerHTML = 'Operating system is <b>' +
d.os_pretty_name
+ '</b>.';
+ os.innerHTML = 'Operating system is <b>' +
escapeHTML(d.os_pretty_name)
+ '</b>.';
var virtualization = document.getElementById("virtualization");
var virtualization = document.getElementById("virtualization");
- virtualization.innerHTML = d.virtualization == "bare" ? "Running on <b>bare metal</b>." : "Running on virtualization <b>" +
d.virtualization
+ "</b>.";
+ virtualization.innerHTML = d.virtualization == "bare" ? "Running on <b>bare metal</b>." : "Running on virtualization <b>" +
escapeHTML(d.virtualization)
+ "</b>.";
}
function entriesLoad(range) {
}
function entriesLoad(range) {
@@
-298,14
+299,14
@@
buf += '</td><td class="process">';
if (d.SYSLOG_IDENTIFIER != undefined)
buf += '</td><td class="process">';
if (d.SYSLOG_IDENTIFIER != undefined)
- buf +=
d.SYSLOG_IDENTIFIER
;
+ buf +=
escapeHTML(d.SYSLOG_IDENTIFIER)
;
else if (d._COMM != undefined)
else if (d._COMM != undefined)
- buf +=
d._COMM
;
+ buf +=
escapeHTML(d._COMM)
;
if (d._PID != undefined)
if (d._PID != undefined)
- buf += "[" +
d._PID
+ "]";
+ buf += "[" +
escapeHTML(d._PID)
+ "]";
else if (d.SYSLOG_PID != undefined)
else if (d.SYSLOG_PID != undefined)
- buf += "[" +
d.SYSLOG_PID
+ "]";
+ buf += "[" +
escapeHTML(d.SYSLOG_PID)
+ "]";
buf += '</td><td class="' + clazz + '"><a href="#entry" onclick="onMessageClick(\'' + lc + '\');">';
buf += '</td><td class="' + clazz + '"><a href="#entry" onclick="onMessageClick(\'' + lc + '\');">';
@@
-345,15
+346,21
@@
var d = JSON.parse(event.currentTarget.responseText);
document.getElementById("diventry").style.display = "block";
var d = JSON.parse(event.currentTarget.responseText);
document.getElementById("diventry").style.display = "block";
-
entry = document.getElementById("tableentry");
var buf = "";
entry = document.getElementById("tableentry");
var buf = "";
-
for (var key in d){
for (var key in d){
- buf += '<tr><td class="field">' + key + '</td><td class="data">' + d[key] + '</td></tr>';
- }
+ var data = d[key];
+ if (data == null)
+ data = "[blob data]";
+ else if (data instanceof Array)
+ data = "[" + formatBytes(data.length) + " blob data]";
+ else
+ data = escapeHTML(data);
+
+ buf += '<tr><td class="field">' + key + '</td><td class="data">' + data + '</td></tr>';
+ }
entry.innerHTML = '<tbody>' + buf + '</tbody>';
}
entry.innerHTML = '<tbody>' + buf + '</tbody>';
}