Skip to content

Commit

Permalink
Merge pull request #12 from shennyg/master
Browse files Browse the repository at this point in the history
Escape unsafe HTML, this allows XML and HTML tags to display as text instead of render
  • Loading branch information
Tam authored Mar 5, 2024
2 parents 644e5e5 + c267ebe commit 2879418
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 2 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 3.0.6 - 2022-05-10
### Fixed
- Escape unsafe HTML, this allows XML and HTML tags to display as text instead of render

## 3.0.5 - 2021-11-23
### Added
- Add truncate / delete buttons
Expand Down
2 changes: 1 addition & 1 deletion composer.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "ether/logs",
"description": "Access logs from the CP",
"version": "3.0.5",
"version": "3.0.6",
"type": "craft-plugin",
"minimum-stability": "dev",
"require": {
Expand Down
39 changes: 38 additions & 1 deletion src/Utility.php
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,43 @@ function ($var) {
CSS;

$js = <<<JS
/** Mixin to extend the String type with a method to escape unsafe characters
* for use in HTML. Uses OWASP guidelines for safe strings in HTML.
*
* Credit: http://benv.ca/2012/10/4/you-are-probably-misusing-DOM-text-methods/
* https://github.com/janl/mustache.js/blob/16ffa430a111dc293cd9ed899ecf9da3729f58bd/mustache.js#L62
*
* Maintained by [email protected]
*
* @license http://opensource.org/licenses/MIT
*
* @version 1.0
*
* @mixin
*/
(function(){
"use strict";
function escapeHtml() {
return this.replace(/[&<>"'\/]/g, function (s) {
var entityMap = {
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
'"': '&quot;',
"'": '&#39;',
"/": '&#x2F;'
};
return entityMap[s];
});
}
if (typeof(String.prototype.escapeHtml) !== 'function') {
String.prototype.escapeHtml = escapeHtml;
}
})();
const logElem = document.getElementById("__log");
function streamLog (log) {
Expand All @@ -75,7 +112,7 @@ function streamLog (log) {
}).then(data => data.text()).then(data => {
let html = "";
data.split("\\n").forEach(line => {
data.escapeHtml().split("\\n").forEach(line => {
let m = /^(\d{4}(-\d{2}){2} (\d{2}:){2}\d{2}) (\[[^\]]+\]){3}\[([^\]]+)\]\[([^\]]+)\]/i.exec(line);
if (m !== null) {
let colour = "";
Expand Down

0 comments on commit 2879418

Please sign in to comment.