Skip to content

Commit

Permalink
Escape HTML entities in log files
Browse files Browse the repository at this point in the history
Escape unsafe HTML, this allows XML and HTML tags to display instead of render.
  • Loading branch information
shennyg committed May 10, 2022
1 parent 644e5e5 commit 471295d
Showing 1 changed file with 38 additions and 1 deletion.
39 changes: 38 additions & 1 deletion src/Utility.php
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,43 @@ function ($var) {
CSS;

$js = <<<JS
/** Mixin to extend the String type with a method to escape unsafe characters
* for use in HTML. Uses OWASP guidelines for safe strings in HTML.
*
* Credit: http://benv.ca/2012/10/4/you-are-probably-misusing-DOM-text-methods/
* https://github.com/janl/mustache.js/blob/16ffa430a111dc293cd9ed899ecf9da3729f58bd/mustache.js#L62
*
* Maintained by [email protected]
*
* @license http://opensource.org/licenses/MIT
*
* @version 1.0
*
* @mixin
*/
(function(){
"use strict";
function escapeHtml() {
return this.replace(/[&<>"'\/]/g, function (s) {
var entityMap = {
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
'"': '&quot;',
"'": '&#39;',
"/": '&#x2F;'
};
return entityMap[s];
});
}
if (typeof(String.prototype.escapeHtml) !== 'function') {
String.prototype.escapeHtml = escapeHtml;
}
})();
const logElem = document.getElementById("__log");
function streamLog (log) {
Expand All @@ -75,7 +112,7 @@ function streamLog (log) {
}).then(data => data.text()).then(data => {
let html = "";
data.split("\\n").forEach(line => {
data.escapeHtml().split("\\n").forEach(line => {
let m = /^(\d{4}(-\d{2}){2} (\d{2}:){2}\d{2}) (\[[^\]]+\]){3}\[([^\]]+)\]\[([^\]]+)\]/i.exec(line);
if (m !== null) {
let colour = "";
Expand Down

0 comments on commit 471295d

Please sign in to comment.