[CalendarServer-changes] [12660] CalendarServer/trunk/calendarserver/webadmin/logs.xhtml
source_changes at macosforge.org
source_changes at macosforge.org
Wed Mar 12 11:18:10 PDT 2014
Revision: 12660
http://trac.calendarserver.org//changeset/12660
Author: wsanchez at apple.com
Date: 2014-02-11 15:33:13 -0800 (Tue, 11 Feb 2014)
Log Message:
-----------
Use createElement and createTextNode so that we're not subject to HTML injection.
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/webadmin/logs.xhtml
Modified: CalendarServer/trunk/calendarserver/webadmin/logs.xhtml
===================================================================
--- CalendarServer/trunk/calendarserver/webadmin/logs.xhtml 2014-02-11 23:32:33 UTC (rev 12659)
+++ CalendarServer/trunk/calendarserver/webadmin/logs.xhtml 2014-02-11 23:33:13 UTC (rev 12660)
@@ -36,8 +36,15 @@
eventClass,
function(e) {
// Append text
- logViewElement.innerHTML += event.data + "<br />";
+ if (e.lastEventId == 0) {
+ logViewElement.appendChild(document.createElement("hr"))
+ } else {
+ logViewElement.appendChild(document.createTextNode(e.data))
+ logViewElement.appendChild(document.createElement("br"))
+ }
+
+
// Scroll to bottom
logViewElement.scrollTop = logViewElement.scrollHeight;
},
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140312/178a2063/attachment.html>
More information about the calendarserver-changes
mailing list