authorAlexander Moisseev <moiseev@mezonplus.ru>2017-07-23 12:59:57 +0300
committerAlexander Moisseev <moiseev@mezonplus.ru>2017-07-23 12:59:57 +0300
commit75cfe801fb55fc6dc8c2f565a6b5bf0452549365 (patch)
tree48c774b5cbd1304f2c024a38809164c2e5e71c7f
parente43e23c47eaea3076b7d9e914a599c94409c5058 (diff)
downloadrspamd-75cfe801fb55fc6dc8c2f565a6b5bf0452549365.tar.gz
rspamd-75cfe801fb55fc6dc8c2f565a6b5bf0452549365.zip
[WebUI] Escape strings inside HTML in history
-rw-r--r--interface/js/app/history.js43
1 files changed, 35 insertions, 8 deletions
diff --git a/interface/js/app/history.js b/interface/js/app/history.js
index 378c3cf7b..381c01d0d 100644
--- a/interface/js/app/history.js
+++ b/interface/js/app/history.js
@@ -36,20 +36,49 @@ function($, _, Humanize) {
'`': '&#x60;',
'=': '&#x3D;'
};
- var htmlEscaper = /[&<>"'\/]/g;
-
+ var htmlEscaper = /[&<>"'\/`=]/g;
+
EscapeHTML = function(string) {
return ('' + string).replace(htmlEscaper, function(match) {
return htmlEscapes[match];
});
};
-
+
+ escape_HTML_array = function (arr) {
+ arr.forEach(function (d, i) { arr[i] = EscapeHTML(d) });
+ };
+
function unix_time_format(tm) {
var date = new Date(tm ? tm * 1000 : 0);
return date.toLocaleString();
}
function preprocess_item(item) {
+ for (var prop in item) {
+ switch (prop) {
+ case "rcpt_mime":
+ case "rcpt_smtp":
+ escape_HTML_array(item[prop]);
+ break;
+ case "symbols":
+ Object.keys(item.symbols).map(function(key) {
+ var sym = item.symbols[key];
+
+ sym.name = EscapeHTML(sym.name);
+ sym.description = EscapeHTML(sym.description);
+
+ if (sym.options) {
+ escape_HTML_array(sym.options);
+ }
+ });
+ break;
+ default:
+ if (typeof (item[prop]) == "string") {
+ item[prop] = EscapeHTML(item[prop]);
+ }
+ }
+ }
+
if (item.action === 'clean' || item.action === 'no action') {
item.action = "<div style='font-size:11px' class='label label-success'>" + item.action + "</div>";
} else if (item.action === 'rewrite subject' || item.action === 'add header' || item.action === 'probable spam') {
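Review bot: In the `symbols` case, `EscapeHTML(sym.name)` and `EscapeHTML(sym.description)` run unconditionally, and because EscapeHTML coerces with `'' + string`, a symbol that lacks either field gets the literal text "undefined" written back; the later hunk that renders `sym.name` instead of `key` would then display it. Guarding each assignment, e.g. `if (sym.description != null) { sym.description = EscapeHTML(sym.description); }`, avoids that. Likewise `escape_HTML_array(item[prop])` assumes `rcpt_mime`/`rcpt_smtp` are always arrays and would throw if the history data ever carried a string or null there. The `default` branch escapes only top-level strings, so nested values under any other property stay raw, which matters more now that the column-level `"formatter": EscapeHTML` entries are dropped further down. `escape_HTML_array` is also assigned without `var`, creating an implicit global, and preprocess_item's body continues past the end of this hunk.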
@@ -88,7 +117,7 @@ function($, _, Humanize) {
preprocess_item(item);
Object.keys(item.symbols).map(function(key) {
var sym = item.symbols[key];
- var str = '<strong>' + key + '</strong>' + "(" + sym.score + ")";
+ var str = '<strong>' + sym.name + '</strong>' + "(" + sym.score + ")";
if (sym.options) {
str += '[' + sym.options.join(",") + "]";
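Review bot: `sym.score` is concatenated into the markup as-is on the changed line, while the `symbols` case added to preprocess_item escapes only `name`, `description` and `options`. If the history data always carries a number there this is harmless, but nothing visible here enforces it; escaping at the point of use, `"(" + EscapeHTML(sym.score) + ")"`, keeps the string safe either way. The line is also safe only because `preprocess_item(item)` has already run, which deserves a short comment such as `// sym.name and sym.options are already HTML-escaped by preprocess_item`. The callback and its enclosing function start and end outside this hunk.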
@@ -162,8 +191,7 @@ function($, _, Humanize) {
"textOverflow": "ellipsis",
"wordBreak": "break-all",
"whiteSpace": "normal"
- },
- "formatter": EscapeHTML
+ }
}, {
"name": "ip",
"title": "IP address",
@@ -196,8 +224,7 @@ function($, _, Humanize) {
"font-size": "11px",
"word-break": "break-all",
"minWidth": 150
- },
- "formatter": EscapeHTML
+ }
}, {
"name": "action",
"title": "Action",