Skip to content

Commit

Permalink
Merge pull request #15 from shennyg/fix/escape-entities-craft4
Browse files Browse the repository at this point in the history
Escape HTML entities in log files for Craft 4
  • Loading branch information
Tam authored May 9, 2024
2 parents b9c8575 + 8db7a69 commit 801df4d
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 1 deletion.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
## 4.0.1 - 2024-03-19
### Fixed
- Escape unsafe HTML, this allows XML and HTML tags to display as text instead of render

## 3.0.6 - 2022-05-10
### Fixed
- Escape unsafe HTML, this allows XML and HTML tags to display as text instead of render

## 4.0.0 - 2022-07-11
### Changed
- Craft 4 release
Expand Down
1 change: 1 addition & 0 deletions composer.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{
"name": "ether/logs",
"description": "Access logs from the CP",
"version": "4.0.1",
"type": "craft-plugin",
"minimum-stability": "dev",
"require": {
Expand Down
39 changes: 38 additions & 1 deletion src/Utility.php
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,43 @@ function ($var) {
CSS;

$js = <<<JS
/** Mixin to extend the String type with a method to escape unsafe characters
* for use in HTML. Uses OWASP guidelines for safe strings in HTML.
*
* Credit: http://benv.ca/2012/10/4/you-are-probably-misusing-DOM-text-methods/
* https://github.com/janl/mustache.js/blob/16ffa430a111dc293cd9ed899ecf9da3729f58bd/mustache.js#L62
*
* Maintained by [email protected]
*
* @license http://opensource.org/licenses/MIT
*
* @version 1.0
*
* @mixin
*/
(function(){
"use strict";
function escapeHtml() {
return this.replace(/[&<>"'\/]/g, function (s) {
var entityMap = {
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
'"': '&quot;',
"'": '&#39;',
"/": '&#x2F;'
};
return entityMap[s];
});
}
if (typeof(String.prototype.escapeHtml) !== 'function') {
String.prototype.escapeHtml = escapeHtml;
}
})();
const logElem = document.getElementById("__log");
function streamLog (log) {
Expand All @@ -75,7 +112,7 @@ function streamLog (log) {
}).then(data => data.text()).then(data => {
let html = "";
data.split("\\n").forEach(line => {
data.escapeHtml().split("\\n").forEach(line => {
let m = /^(\d{4}(-\d{2}){2} (\d{2}:){2}\d{2}) (\[[^\]]+\]){3}\[([^\]]+)\]\[([^\]]+)\]/i.exec(line);
if (m !== null) {
let colour = "";
Expand Down

0 comments on commit 801df4d

Please sign in to comment.