author | Lennart Poettering <lennart@poettering.net> | 2012-10-10 23:14:32 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-10-10 23:14:32 +0200 |
commit | 6c69cd8626d8ba9c879f6885122cf5f2eb855fda (patch) | |
tree | 732b12d9e9891735af7b1221f40794c9fd684ffc /src/journal/browse.html | |
parent | 522795e07742b4e804896147a21e026bb34602ba (diff) |
journal: properly HTML escape more output in browse.html
Diffstat (limited to 'src/journal/browse.html')
-rw-r--r-- | src/journal/browse.html | 37 |
1 files changed, 22 insertions, 15 deletions
diff --git a/src/journal/browse.html b/src/journal/browse.html index 362611b1c2..f16e346d90 100644 --- a/src/journal/browse.html +++ b/src/journal/browse.html @@ -81,9 +81,10 @@ <body> <!-- TODO: - - - show red lines for reboots - - show contents of entries --> + - live display + - keyboard navigation + - localstorage + - show red lines for reboots --> <h1 id="title"></h1> @@ -189,8 +190,8 @@ var d = JSON.parse(event.currentTarget.responseText); var title = document.getElementById("title"); - title.innerHTML = 'Journal of ' + d.hostname; - document.title = 'Journal of ' + d.hostname; + title.innerHTML = 'Journal of ' + escapeHTML(d.hostname); + document.title = 'Journal of ' + escapeHTML(d.hostname); var machine = document.getElementById("machine"); machine.innerHTML = 'Machine ID is <b>' + d.machine_id + '</b>, current boot ID is <b>' + d.boot_id + '</b>.'; @@ -204,10 +205,10 @@ usage.innerHTML = 'Disk usage is <b>' + formatBytes(parseInt(d.usage)) + '</b>.'; var os = document.getElementById("os"); - os.innerHTML = 'Operating system is <b>' + d.os_pretty_name + '</b>.'; + os.innerHTML = 'Operating system is <b>' + escapeHTML(d.os_pretty_name) + '</b>.'; var virtualization = document.getElementById("virtualization"); - virtualization.innerHTML = d.virtualization == "bare" ? "Running on <b>bare metal</b>." : "Running on virtualization <b>" + d.virtualization + "</b>."; + virtualization.innerHTML = d.virtualization == "bare" ? "Running on <b>bare metal</b>." : "Running on virtualization <b>" + escapeHTML(d.virtualization) + "</b>."; } function entriesLoad(range) { 
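Review bot: In the `-189,8` hunk, `document.title` is assigned as plain text rather than parsed as markup, so wrapping `d.hostname` in `escapeHTML()` there would show literal entities such as `&amp;` in the window title; I would keep `document.title = 'Journal of ' + d.hostname;` and escape only the `innerHTML` assignment. The context line right below, `machine.innerHTML = 'Machine ID is <b>' + d.machine_id + ...`, still concatenates `d.machine_id` and `d.boot_id` unescaped. Those are presumably fixed-format IDs, but wrapping both in `escapeHTML()` would stop the page relying on the server's formatting and keep the block uniform with the `os` and `virtualization` lines in the `-204,10` hunk. The function that holds these lines starts and ends outside the hunks.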
@@ -298,14 +299,14 @@ buf += '</td><td class="process">'; if (d.SYSLOG_IDENTIFIER != undefined) - buf += d.SYSLOG_IDENTIFIER; + buf += escapeHTML(d.SYSLOG_IDENTIFIER); else if (d._COMM != undefined) - buf += d._COMM; + buf += escapeHTML(d._COMM); if (d._PID != undefined) - buf += "[" + d._PID + "]"; + buf += "[" + escapeHTML(d._PID) + "]"; else if (d.SYSLOG_PID != undefined) - buf += "[" + d.SYSLOG_PID + "]"; + buf += "[" + escapeHTML(d.SYSLOG_PID) + "]"; buf += '</td><td class="' + clazz + '"><a href="#entry" onclick="onMessageClick(\'' + lc + '\');">'; @@ -345,15 +346,21 @@ var d = JSON.parse(event.currentTarget.responseText); document.getElementById("diventry").style.display = "block"; - entry = document.getElementById("tableentry"); var buf = ""; - for (var key in d){ - buf += '<tr><td class="field">' + key + '</td><td class="data">' + d[key] + '</td></tr>'; - } + var data = d[key]; + if (data == null) + data = "[blob data]"; + else if (data instanceof Array) + data = "[" + formatBytes(data.length) + " blob data]"; + else + data = escapeHTML(data); + + buf += '<tr><td class="field">' + key + '</td><td class="data">' + data + '</td></tr>'; + } entry.innerHTML = '<tbody>' + buf + '</tbody>'; } |
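Review bot: The context line at the end of the `-298,14` hunk still builds `onclick="onMessageClick(\'' + lc + '\');"`, which puts `lc` into a JavaScript string literal nested inside an HTML attribute, a context the `escapeHTML()` calls added above it do not cover. `lc` is assigned outside the hunk, so its origin is inferred; if it is taken from the response, HTML escaping alone would not be enough there. A more robust shape is to emit the value as data, e.g. `'<a href="#entry" data-cursor="' + escapeHTML(lc) + '">'` (provided `escapeHTML()` also escapes double quotes), and attach the click handler with `addEventListener`. It is also worth confirming that `escapeHTML()`, defined outside this page, tolerates non-string input, since the last hunk treats field values as possibly `null` or arrays.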
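Review bot: In the `-345,15` hunk the new row-building line escapes `data` but still inserts `key` raw into `<td class="field">`, although both come from the same parsed response. I would escape it as well: `buf += '<tr><td class="field">' + escapeHTML(key) + '</td><td class="data">' + data + '</td></tr>';`. As rendered here, the new side shows no loop header before `var data = d[key];`, which may be an artefact of this page; it is worth checking that the applied file still has `for (var key in d) {`. The enclosing function begins outside the hunk.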