Escape HTML in cells by using underscores escaper
authorAndré Peters <andryyy@users.noreply.github.com>
Sat, 8 Jul 2017 20:56:21 +0000 (22:56 +0200)
committerAndrew Lewis <nerf@judo.za.org>
Tue, 11 Jul 2017 09:16:11 +0000 (11:16 +0200)
interface/js/app/history.js

index 3e8010de4de14239f99c23bd1fa7a4e79c562899..02c3930116407515af7c9a4c0aba7a83539c7bad 100644 (file)
@@ -26,7 +26,22 @@ define(['jquery', 'footable', 'humanize'],
 function($, _, Humanize) {
     var interface = {};
     var ft = {};
-
+    var htmlEscapes = {
+      '&': '&amp;',
+      '<': '&lt;',
+      '>': '&gt;',
+      '"': '&quot;',
+      "'": '&#x27;',
+      '/': '&#x2F;'
+    };
+    var htmlEscaper = /[&<>"'\/]/g;
+    EscapeHTML = function(string) {
+      return ('' + string).replace(htmlEscaper, function(match) {
+        return htmlEscapes[match];
+      });
+    };
     function unix_time_format(tm) {
         var date = new Date(tm ? tm * 1000 : 0);
         return date.toLocaleString();
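Review bot: `EscapeHTML` is assigned without a declaration, so it becomes an implicit global instead of a local of the module callback like `htmlEscapes` and `htmlEscaper` just above it. In strict mode that assignment would throw, and as a global any other script on the page can replace the escaper. Declare it locally, for example `var EscapeHTML = function(string) {`. The `'' + string` coercion also renders a missing value as the literal text `undefined` or `null`, so a guard such as `if (string == null) return '';` may be wanted if cells can be empty. The enclosing function continues outside the hunk.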
@@ -178,7 +193,8 @@ function($, _, Humanize) {
                     "font-size": "11px",
                     "word-break": "break-all",
                     "minWidth": 150
-                }
+                },
+                "formatter": EscapeHTML
             }, {
                 "name": "action",
                 "title": "Action",
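Review bot: Only one column gets the escaper in this hunk, the one whose definition ends at the `"minWidth": 150` style block, and its name lies outside the hunk, so the covered field cannot be confirmed from here. If other columns in this table also render strings taken from scanned messages, they would still be inserted as markup unless they also carry `"formatter": EscapeHTML` or already have a formatter that escapes. A short comment above the column list naming which columns hold untrusted text would make the table easier to audit.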