journal: properly escape HTML entities in browse.html
authorMantas Mikul─Śnas <grawity@gmail.com>
Wed, 10 Oct 2012 21:00:25 +0000 (23:00 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 10 Oct 2012 21:00:59 +0000 (23:00 +0200)
src/journal/browse.html

index 068b296..362611b 100644 (file)
                                 return u.toString() + " B";
                 }
 
+                function escapeHTML(s) {
+                        return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+                }
+
                 function machineOnResult(event) {
                         if ((event.currentTarget.readyState != 4) ||
                                 (event.currentTarget.status != 200 && event.currentTarget.status != 0))
                                 else if (d.MESSAGE instanceof Array)
                                         buf += "[" + formatBytes(d.MESSAGE.length) + " blob data]";
                                 else
-                                        buf += d.MESSAGE;
+                                        buf += escapeHTML(d.MESSAGE);
 
                                 buf += '</a></td></tr>';
                         }
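Review bot: The new `escapeHTML` helper encodes only `&`, `<` and `>`, which covers the element-content position where `d.MESSAGE` is appended before `</a></td></tr>`, but not a quoted attribute value. Since the name suggests a general-purpose escaper, either document the limit with a comment such as `// Escapes for element content only; not safe inside attribute values (quotes are left as-is).` or make it complete by appending `.replace(/"/g, "&quot;").replace(/'/g, "&#39;")`. It also calls `s.replace` directly, so a `MESSAGE` that is neither a string nor an Array would throw; the branches before `instanceof Array` are outside the hunk, so if that case is not already excluded, `String(s).replace(...)` would make the helper total. Any other journal fields concatenated into `buf` elsewhere in `machineOnResult` are not visible here and should be checked for the same treatment.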