Escape <> in log messages to prevent html shenanigans. Fixes #3596

2022-10-21 16:21:25 -04:00 · 2022-10-21 16:21:25 -04:00 · e1028c1d7f
parent 1546fabfc8
commit e1028c1d7f
1 changed files with 2 additions and 2 deletions
--- a/web/skins/classic/views/js/log.js
+++ b/web/skins/classic/views/js/log.js
@ -50,8 +50,8 @@ function ajaxRequest(params) {
 function processRows(rows) {
  $j.each(rows, function(ndx, row) {
    try {
-      row.Message = decodeURIComponent(row.Message);
-    } catch(e) {
+      row.Message = decodeURIComponent(row.Message).replace(/</g, "&lt;").replace(/>/g, "&gt;");
+    } catch (e) {
      // ignore errors
    }
  });