authorAndré Peters <andryyy@users.noreply.github.com>2017-07-08 22:56:21 +0200
committerGitHub <noreply@github.com>2017-07-08 22:56:21 +0200
commitb19560aa3fed3084fc7d37e91cd86c0fa0d96917 (patch)
tree437429bcb299a27c8fcc23f99eab0caeb3444e53 /interface/js
parent08c88c0e020987316a9acf761827ab268237e041 (diff)
downloadrspamd-b19560aa3fed3084fc7d37e91cd86c0fa0d96917.tar.gz
rspamd-b19560aa3fed3084fc7d37e91cd86c0fa0d96917.zip
Escape HTML in cells by using underscores escaper
Diffstat (limited to 'interface/js')
-rw-r--r--interface/js/app/history.js20
1 files changed, 18 insertions, 2 deletions
diff --git a/interface/js/app/history.js b/interface/js/app/history.js
index 3e8010de4..02c393011 100644
--- a/interface/js/app/history.js
+++ b/interface/js/app/history.js
@@ -26,7 +26,22 @@ define(['jquery', 'footable', 'humanize'],
function($, _, Humanize) {
var interface = {};
var ft = {};
-
+ var htmlEscapes = {
+ '&': '&amp;',
+ '<': '&lt;',
+ '>': '&gt;',
+ '"': '&quot;',
+ "'": '&#x27;',
+ '/': '&#x2F;'
+ };
+ var htmlEscaper = /[&<>"'\/]/g;
+
+ EscapeHTML = function(string) {
+ return ('' + string).replace(htmlEscaper, function(match) {
+ return htmlEscapes[match];
+ });
+ };
+
function unix_time_format(tm) {
var date = new Date(tm ? tm * 1000 : 0);
return date.toLocaleString();
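Review bot: The added line `EscapeHTML = function(string) {` assigns to an undeclared name, so the escaper becomes an implicit global that any other script on the page can overwrite, and the assignment would throw if this module were ever run in strict mode. Declare it locally next to the map, for example `var EscapeHTML = function(string) {`. Separately, `('' + string)` renders a missing cell value as the literal text "undefined" or "null"; a guard such as `if (string == null) { return ''; }` before the replace avoids that. A one-line comment saying the output is meant for HTML text and quoted attribute values, not for URL or script contexts, would keep later callers from over-trusting it. The enclosing `define` callback starts and ends outside this hunk.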
@@ -178,7 +193,8 @@ function($, _, Humanize) {
"font-size": "11px",
"word-break": "break-all",
"minWidth": 150
- }
+ },
+ "formatter": EscapeHTML
}, {
"name": "action",
"title": "Action",
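Review bot: The `"formatter": EscapeHTML` entry is attached to a single column definition, and the diffstat shows no other column gaining it in this commit. Any other history column that displays strings taken from the scanned message would presumably still be inserted unescaped, so it is worth checking the remaining column definitions (they lie outside this hunk) and adding the same formatter wherever the value is not a number or a fixed enum. If escaping is meant to be the table-wide default, a comment on the column list saying so, such as `// every column that shows message-derived text must set "formatter": EscapeHTML`, would make the rule visible to whoever adds the next column.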