From 471295d65176bf87943e1edbd231e0eb44e85efb Mon Sep 17 00:00:00 2001 From: Shen DeShayne Date: Tue, 10 May 2022 11:44:47 -0700 Subject: [PATCH 1/3] Escape HTML entities in log files Escape unsafe HTML, this allows XML and HTML tags to display instead of render. --- src/Utility.php | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/src/Utility.php b/src/Utility.php index 23e4469..bb39a84 100644 --- a/src/Utility.php +++ b/src/Utility.php @@ -63,6 +63,43 @@ function ($var) { CSS; $js = <<"'\/]/g, function (s) { + var entityMap = { + "&": "&", + "<": "<", + ">": ">", + '"': '"', + "'": ''', + "/": '/' + }; + + return entityMap[s]; + }); + } + + if (typeof(String.prototype.escapeHtml) !== 'function') { + String.prototype.escapeHtml = escapeHtml; + } +})(); + const logElem = document.getElementById("__log"); function streamLog (log) { @@ -75,7 +112,7 @@ function streamLog (log) { }).then(data => data.text()).then(data => { let html = ""; - data.split("\\n").forEach(line => { + data.escapeHtml().split("\\n").forEach(line => { let m = /^(\d{4}(-\d{2}){2} (\d{2}:){2}\d{2}) (\[[^\]]+\]){3}\[([^\]]+)\]\[([^\]]+)\]/i.exec(line); if (m !== null) { let colour = ""; From c267ebec4b64c4da371a5ac2a0eed1e83197540f Mon Sep 17 00:00:00 2001 From: Shen DeShayne Date: Tue, 10 May 2022 11:47:33 -0700 Subject: [PATCH 2/3] Version bump --- CHANGELOG.md | 4 ++++ composer.json | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index add0a2e..0786f04 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +## 3.0.6 - 2022-05-10 +### Fixed +- Escape unsafe HTML, this allows XML and HTML tags to display as text instead of render + ## 3.0.5 - 2021-11-23 ### Added - Add truncate / delete buttons diff --git a/composer.json b/composer.json index c52f6d9..24578e9 100644 --- a/composer.json +++ b/composer.json @@ -1,7 +1,7 @@ { "name": "ether/logs", "description": "Access logs from the CP", - "version": "3.0.5", + "version": "3.0.6", "type": "craft-plugin", "minimum-stability": "dev", "require": { From 8db7a69776b044a9ae24c2cbf81edc1b8981f1c3 Mon Sep 17 00:00:00 2001 From: Shen DeShayne Date: Tue, 19 Mar 2024 13:09:25 -0700 Subject: [PATCH 3/3] Version bump --- CHANGELOG.md | 4 ++++ composer.json | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e2a0b4a..1280157 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +## 4.0.1 - 2024-03-19 +### Fixed +- Escape unsafe HTML, this allows XML and HTML tags to display as text instead of render + ## 3.0.6 - 2022-05-10 ### Fixed - Escape unsafe HTML, this allows XML and HTML tags to display as text instead of render diff --git a/composer.json b/composer.json index 3576bdd..695f47c 100644 --- a/composer.json +++ b/composer.json @@ -1,7 +1,7 @@ { "name": "ether/logs", "description": "Access logs from the CP", - "version": "3.0.6", + "version": "4.0.1", "type": "craft-plugin", "minimum-stability": "dev", "require": {