[CalendarServer-changes] [12660] CalendarServer/trunk/calendarserver/webadmin/logs.xhtml

source_changes at macosforge.org source_changes at macosforge.org
Wed Mar 12 11:18:10 PDT 2014


Revision: 12660
          http://trac.calendarserver.org//changeset/12660
Author:   wsanchez at apple.com
Date:     2014-02-11 15:33:13 -0800 (Tue, 11 Feb 2014)
Log Message:
-----------
Use createElement and createTextNode so that we're not subject to HTML injection.

Modified Paths:
--------------
    CalendarServer/trunk/calendarserver/webadmin/logs.xhtml

Modified: CalendarServer/trunk/calendarserver/webadmin/logs.xhtml
===================================================================
--- CalendarServer/trunk/calendarserver/webadmin/logs.xhtml	2014-02-11 23:32:33 UTC (rev 12659)
+++ CalendarServer/trunk/calendarserver/webadmin/logs.xhtml	2014-02-11 23:33:13 UTC (rev 12660)
@@ -36,8 +36,15 @@
             eventClass,
             function(e) {
               // Append text
-              logViewElement.innerHTML += event.data + "<br />";
 
+              if (e.lastEventId == 0) {
+                logViewElement.appendChild(document.createElement("hr"))
+              } else {
+                logViewElement.appendChild(document.createTextNode(e.data))
+                logViewElement.appendChild(document.createElement("br"))
+              }
+
+
               // Scroll to bottom
               logViewElement.scrollTop = logViewElement.scrollHeight;
             },
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140312/178a2063/attachment.html>


More information about the calendarserver-changes mailing list