[WebUI] Escape HTML characters in errors history

author: moisseev <moiseev@mezonplus.ru> 2024-04-09 09:14:07 +0300
committer: moisseev <moiseev@mezonplus.ru> 2024-04-09 09:14:07 +0300
commit: 126584384ea4d7e26289771b4d663e796f2f65f6 (patch)
tree: 1c92111347d770af0625b461f1e02005d257aceb /interface/js/app/history.js
parent: 748f80fdfe4076488442aecf418fa8ac30bce72e (diff)
download: rspamd-126584384ea4d7e26289771b4d663e796f2f65f6.tar.gz
rspamd-126584384ea4d7e26289771b4d663e796f2f65f6.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/interface/js/app/history.js b/interface/js/app/history.js
index 6366f6723..185922087 100644
--- a/interface/js/app/history.js
+++ b/interface/js/app/history.js
@@ -262,6 +262,10 @@ define(["jquery", "app/common", "app/libft", "footable"],
                                 sortValue: item.ts
                             }
                         };
+                        for (const prop in item) {
+                            if (!{}.hasOwnProperty.call(item, prop)) continue;
+                            if (typeof item[prop] === "string") item[prop] = common.escapeHTML(item[prop]);
+                        }
                     });
                     if (Object.prototype.hasOwnProperty.call(common.tables, "errors")) {
                         common.tables.errors.rows.load(rows);
author	moisseev <moiseev@mezonplus.ru>	2024-04-09 09:14:07 +0300
committer	moisseev <moiseev@mezonplus.ru>	2024-04-09 09:14:07 +0300
commit	126584384ea4d7e26289771b4d663e796f2f65f6 (patch)
tree	1c92111347d770af0625b461f1e02005d257aceb /interface/js/app/history.js
parent	748f80fdfe4076488442aecf418fa8ac30bce72e (diff)
download	rspamd-126584384ea4d7e26289771b4d663e796f2f65f6.tar.gz rspamd-126584384ea4d7e26289771b4d663e796f2f65f6.zip