From: André Peters
Date: Sat, 8 Jul 2017 20:56:21 +0000 (+0200)
Subject: Escape HTML in cells by using underscores escaper
X-Git-Tag: 1.6.3~3^2~9
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=65cd9704b4e236ac9f31f25a171eac063ca7546e;p=rspamd.git
Escape HTML in cells by using underscores escaper
---
diff --git a/interface/js/app/history.js b/interface/js/app/history.js
index 3e8010de4..02c393011 100644
--- a/interface/js/app/history.js
+++ b/interface/js/app/history.js
@@ -26,7 +26,22 @@ define(['jquery', 'footable', 'humanize'],
 function($, _, Humanize) {
 var interface = {};
 var ft = {};
-
+ var htmlEscapes = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+ '/': '/'
+ };
+ var htmlEscaper = /[&<>"'\/]/g;
+
+ EscapeHTML = function(string) {
+ return ('' + string).replace(htmlEscaper, function(match) {
+ return htmlEscapes[match];
+ });
+ };
+
 function unix_time_format(tm) {
 var date = new Date(tm ? tm * 1000 : 0);
 return date.toLocaleString();
@@ -178,7 +193,8 @@ function($, _, Humanize) {
 "font-size": "11px",
 "word-break": "break-all",
 "minWidth": 150
- }
+ },
+ "formatter": EscapeHTML
 }, {
 "name": "action",
 "title": "Action",
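Review bot: In the `@@ -26,7 +26,22 @@` hunk, `EscapeHTML = function(string) {` is assigned without `var`, so the function the table relies on to neutralise markup becomes a global that any other script on the page can overwrite; the file is sloppy-mode code (`var interface` would not parse under strict mode), so the assignment does not throw. Declare it locally as `var EscapeHTML = function(string) {`, next to `htmlEscapes` and `htmlEscaper`. As rendered on this page the values in `htmlEscapes` are identical to their keys (`'&': '&'`, `'<': '<'`), which would make the replace a no-op; that is most likely entity decoding by the page, but the committed file should be checked to hold the entity forms (`&amp;`, `&lt;`, `&gt;`, `&quot;`, `&#x27;`, `&#x2F;`). `('' + string)` also turns a missing value into the text `undefined`, which a guard such as `if (string == null) return '';` would avoid. The enclosing `define` callback starts before the hunk and continues past it.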
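Review bot: In the `@@ -178,7 +193,8 @@` hunk, `"formatter": EscapeHTML` is attached to a single column definition, so only that cell is escaped. The other column definitions in this array are outside the hunk; any of them that render text taken from the scanned message or its headers need the same formatter, otherwise that text is presumably still inserted into the table as markup. A comment above the column list such as `// every column that renders message-derived text must set "formatter": EscapeHTML` would help new columns keep the control. The column object this line is added to starts before the hunk.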