chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
journal: properly escape HTML entities in browse.html
[elogind.git] / src / journal / browse.html
diff --git a/src/journal/browse.html b/src/journal/browse.html
index 068b296da1f1a3a2da6fd0d0c68e9eb76ee7d6f8..362611b1c22a3aa26b79648e99d259ae74af1b21 100644 (file)
--- a/src/journal/browse.html
+++ b/src/journal/browse.html
@@ -177,6 +177,10 @@
                                 return u.toString() + " B";
                 }
 
+                function escapeHTML(s) {
+                        return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+                }
+
                 function machineOnResult(event) {
                         if ((event.currentTarget.readyState != 4) ||
                                 (event.currentTarget.status != 200 && event.currentTarget.status != 0))
@@ -310,7 +314,7 @@
                                 else if (d.MESSAGE instanceof Array)
                                         buf += "[" + formatBytes(d.MESSAGE.length) + " blob data]";
                                 else
-                                        buf += d.MESSAGE;
+                                        buf += escapeHTML(d.MESSAGE);
 
                                 buf += '</a></td></tr>';
                         }
Unnamed repository; edit this file 'description' to name the repository.