From 522795e07742b4e804896147a21e026bb34602ba Mon Sep 17 00:00:00 2001
From: Mantas Mikulėnas <grawity@gmail.com>
Date: Wed, 10 Oct 2012 23:00:25 +0200
Subject: journal: properly escape HTML entities in browse.html

---
 src/journal/browse.html | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/journal')

diff --git a/src/journal/browse.html b/src/journal/browse.html
index 068b296da1..362611b1c2 100644
--- a/src/journal/browse.html
+++ b/src/journal/browse.html
@@ -177,6 +177,10 @@
                                 return u.toString() + " B";
                 }
 
+                function escapeHTML(s) {
+                        return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+                }
+
                 function machineOnResult(event) {
                         if ((event.currentTarget.readyState != 4) ||
                                 (event.currentTarget.status != 200 && event.currentTarget.status != 0))
@@ -310,7 +314,7 @@
                                 else if (d.MESSAGE instanceof Array)
                                         buf += "[" + formatBytes(d.MESSAGE.length) + " blob data]";
                                 else
-                                        buf += d.MESSAGE;
+                                        buf += escapeHTML(d.MESSAGE);
 
                                 buf += '</a></td></tr>';
                         }
-- 
cgit v1.2.3-54-g00ecf