From: Mantas Mikulėnas <grawity@gmail.com>
Date: Wed, 10 Oct 2012 21:00:25 +0000 (+0200)
Subject: journal: properly escape HTML entities in browse.html
X-Git-Tag: v195~136
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=522795e07742b4e804896147a21e026bb34602ba;ds=sidebyside

journal: properly escape HTML entities in browse.html
---

diff --git a/src/journal/browse.html b/src/journal/browse.html
index 068b296da..362611b1c 100644
--- a/src/journal/browse.html
+++ b/src/journal/browse.html
@@ -177,6 +177,10 @@
                                 return u.toString() + " B";
                 }
 
+                function escapeHTML(s) {
+                        return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+                }
+
                 function machineOnResult(event) {
                         if ((event.currentTarget.readyState != 4) ||
                                 (event.currentTarget.status != 200 && event.currentTarget.status != 0))
@@ -310,7 +314,7 @@
                                 else if (d.MESSAGE instanceof Array)
                                         buf += "[" + formatBytes(d.MESSAGE.length) + " blob data]";
                                 else
-                                        buf += d.MESSAGE;
+                                        buf += escapeHTML(d.MESSAGE);
 
                                 buf += '</a></td></tr>';
                         }