diff options
author | Mantas Mikulėnas <grawity@gmail.com> | 2012-10-10 23:00:25 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-10-10 23:00:59 +0200 |
commit | 522795e07742b4e804896147a21e026bb34602ba (patch) | |
tree | 319fe7b59cdf2f7cd0b992a5177f85be16b3ee59 /src | |
parent | c6511e859c35b12de4e6fb5f58d7258d9de3b8f2 (diff) |
journal: properly escape HTML entities in browse.html
Diffstat (limited to 'src')
-rw-r--r-- | src/journal/browse.html | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/journal/browse.html b/src/journal/browse.html index 068b296da1..362611b1c2 100644 --- a/src/journal/browse.html +++ b/src/journal/browse.html @@ -177,6 +177,10 @@ return u.toString() + " B"; } + function escapeHTML(s) { + return s.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">"); + } + function machineOnResult(event) { if ((event.currentTarget.readyState != 4) || (event.currentTarget.status != 200 && event.currentTarget.status != 0)) @@ -310,7 +314,7 @@ else if (d.MESSAGE instanceof Array) buf += "[" + formatBytes(d.MESSAGE.length) + " blob data]"; else - buf += d.MESSAGE; + buf += escapeHTML(d.MESSAGE); buf += '</a></td></tr>'; } |