author | Alexander Moisseev <moiseev@mezonplus.ru> | 2017-07-23 12:59:57 +0300 |
---|---|---|
committer | Alexander Moisseev <moiseev@mezonplus.ru> | 2017-07-23 12:59:57 +0300 |
commit | 75cfe801fb55fc6dc8c2f565a6b5bf0452549365 (patch) | |
tree | 48c774b5cbd1304f2c024a38809164c2e5e71c7f | |
parent | e43e23c47eaea3076b7d9e914a599c94409c5058 (diff) | |
[WebUI] Escape strings inside HTML in history
-rw-r--r-- | interface/js/app/history.js | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/interface/js/app/history.js b/interface/js/app/history.js
index 378c3cf7b..381c01d0d 100644
--- a/interface/js/app/history.js
+++ b/interface/js/app/history.js
@@ -36,20 +36,49 @@ function($, _, Humanize) {
 '`': '`',
 '=': '='
 };
- var htmlEscaper = /[&<>"'\/]/g;
-
+ var htmlEscaper = /[&<>"'\/`=]/g;
+
 EscapeHTML = function(string) {
 return ('' + string).replace(htmlEscaper, function(match) {
 return htmlEscapes[match];
 });
 };
-
+
+ escape_HTML_array = function (arr) {
+ arr.forEach(function (d, i) { arr[i] = EscapeHTML(d) });
+ };
+
 function unix_time_format(tm) {
 var date = new Date(tm ? tm * 1000 : 0);
 return date.toLocaleString();
 }
 
 function preprocess_item(item) {
+ for (var prop in item) {
+ switch (prop) {
+ case "rcpt_mime":
+ case "rcpt_smtp":
+ escape_HTML_array(item[prop]);
+ break;
+ case "symbols":
+ Object.keys(item.symbols).map(function(key) {
+ var sym = item.symbols[key];
+
+ sym.name = EscapeHTML(sym.name);
+ sym.description = EscapeHTML(sym.description);
+
+ if (sym.options) {
+ escape_HTML_array(sym.options);
+ }
+ });
+ break;
+ default:
+ if (typeof (item[prop]) == "string") {
+ item[prop] = EscapeHTML(item[prop]);
+ }
+ }
+ }
+
 if (item.action === 'clean' || item.action === 'no action') {
 item.action = "<div style='font-size:11px' class='label label-success'>" + item.action + "</div>";
 } else if (item.action === 'rewrite subject' || item.action === 'add header' || item.action === 'probable spam') {
@@ -88,7 +117,7 @@ function($, _, Humanize) {
 preprocess_item(item);
 Object.keys(item.symbols).map(function(key) {
 var sym = item.symbols[key];
- var str = '<strong>' + key + '</strong>' + "(" + sym.score + ")";
+ var str = '<strong>' + sym.name + '</strong>' + "(" + sym.score + ")";
 if (sym.options) {
 str += '[' + sym.options.join(",") + "]";
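Review bot: `escape_HTML_array = function (arr) {` is assigned without `var`, so the new helper leaks as an implicit global (and would throw a ReferenceError under `'use strict'`); declare it as `var escape_HTML_array = function (arr) {`, and the statement `arr[i] = EscapeHTML(d)` is missing its semicolon. In preprocess_item the `rcpt_mime`/`rcpt_smtp` branch hands `item[prop]` straight to `.forEach`, so a row where either field is null or a plain string (the server schema is not visible here) throws and aborts rendering of the whole history table; guard it with `if (Array.isArray(item[prop])) escape_HTML_array(item[prop]);`. The for-in loop escapes only top-level string values and the `symbols` map while the per-column `"formatter": EscapeHTML` entries are removed in the later hunks, so any other nested array or object field would now reach the table unescaped, and because EscapeHTML does `'' + string`, a missing `sym.name` or `sym.description` becomes the literal string `"undefined"` rather than staying empty. A comment such as `// NOTE: escaping happens here only; every field the table renders as HTML must be covered by this loop` would keep the next column added from reintroducing the XSS. The enclosing module callback `function($, _, Humanize)` starts and ends outside the hunk.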
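Review bot: Replacing `key` with `sym.name` in the label assumes every symbol object carries a `name`; where it is absent, preprocess_item has already turned it into the string `"undefined"` (EscapeHTML concatenates `'' + string`), so the `<strong>` tag shows `undefined` instead of the symbol key the old code displayed. The cleaner fix is to skip the assignment in preprocess_item when the field is missing, `if (sym.name !== undefined) sym.name = EscapeHTML(sym.name);`, and to fall back here with `'<strong>' + (sym.name || EscapeHTML(key)) + '</strong>'`. `sym.score` is interpolated into the markup without escaping; if the server always sends a number that is harmless, otherwise it needs the same treatment as the other fields. The callback that iterates the history rows starts and ends outside the hunk.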
@@ -162,8 +191,7 @@ function($, _, Humanize) {
 "textOverflow": "ellipsis",
 "wordBreak": "break-all",
 "whiteSpace": "normal"
- },
- "formatter": EscapeHTML
+ }
 }, {
 "name": "ip",
 "title": "IP address",
@@ -196,8 +224,7 @@ function($, _, Humanize) {
 "font-size": "11px",
 "word-break": "break-all",
 "minWidth": 150
- },
- "formatter": EscapeHTML
+ }
 }, {
 "name": "action",
 "title": "Action", |