escape html in logs and fix 'ref'

axolotle 2021-01-19 18:16:00 +01:00
parent 188dc6ac50
commit ebe8740f72
2 changed files with 28 additions and 5 deletions


@ -103,6 +103,28 @@ export function arrayDiff (arr1 = [], arr2 = []) {
} }
/**
* Returns a new string with escaped HTML (`&<>"'` replaced by entities).
*
* @param {String} unsafe
* @return {String}
*/
export function escapeHtml (unsafe) {
return unsafe
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#039;')
}
/**
* Returns a random integer between `min` and `max`.
*
* @param {Number} min
* @param {Number} max
* @return {Number}
*/
export function randint (min, max) { export function randint (min, max) {
return Math.floor(Math.random() * (max - min + 1)) + min return Math.floor(Math.random() * (max - min + 1)) + min
} }
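Review bot: The JSDoc on `escapeHtml` does not say which output contexts the escaping is valid for, and the five replacements cover only HTML text nodes and quoted attribute values. A later caller who places the result in an unquoted attribute, a URL or inline script/style would not be protected, so the docstring should carry a line such as `* Safe for text nodes and quoted attribute values only; not for URLs, unquoted attributes or script/style.` The body also calls `unsafe.replace` directly, so a `null` or non-string argument throws; either coerce with `String(unsafe)` or document the string-only precondition next to `@param`.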


@ -31,7 +31,7 @@
</card> </card>
<div v-if="info.error" class="alert alert-danger my-5"> <div v-if="info.error" class="alert alert-danger my-5">
<icon iname="exclamation-circle" /> {{ $t('operation_failed_explanation') }} <icon iname="exclamation-circle" /> <span v-html="$t('operation_failed_explanation')" />
</div> </div>
<!-- LOGS CARD --> <!-- LOGS CARD -->
@ -45,7 +45,7 @@
<b-button <b-button
v-if="moreLogsAvailable" v-if="moreLogsAvailable"
variant="white" class="w-100 rounded-0" variant="white" class="w-100 rounded-0"
@click="$ref.view.fetchQueries()" @click="$refs.view.fetchQueries()"
> >
<icon iname="plus" /> {{ $t('logs_more') }} <icon iname="plus" /> {{ $t('logs_more') }}
</b-button> </b-button>
@ -61,7 +61,7 @@
<script> <script>
import api from '@/api' import api from '@/api'
import { objectToParams } from '@/helpers/commons' import { objectToParams, escapeHtml } from '@/helpers/commons'
import { readableDate } from '@/helpers/filters/date' import { readableDate } from '@/helpers/filters/date'
export default { export default {
@ -107,14 +107,15 @@ export default {
const levels = ['ERROR', 'WARNING', 'SUCCESS', 'INFO'] const levels = ['ERROR', 'WARNING', 'SUCCESS', 'INFO']
this.logs = log.logs.map(line => { this.logs = log.logs.map(line => {
const escaped = escapeHtml(line)
for (const level of levels) { for (const level of levels) {
if (line.includes(level + ' -')) { if (line.includes(level + ' -')) {
return `<span class="alert-${level === 'ERROR' return `<span class="alert-${level === 'ERROR'
? 'danger' ? 'danger'
: level.toLowerCase()}">${line}</span>` : level.toLowerCase()}">${escaped}</span>`
} }
} }
return line return escaped
}).join('\n') }).join('\n')
// eslint-disable-next-line // eslint-disable-next-line
const { started_at, ended_at, error, success, suboperations } = log.metadata const { started_at, ended_at, error, success, suboperations } = log.metadata
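Review bot: In the first hunk of this file (the `alert-danger` block), replacing `{{ $t('operation_failed_explanation') }}` with `v-html` opens a new raw-HTML sink in the same commit that escapes log lines to close one. Where the locale strings come from is not visible here; if they are contributed by translators, every locale file becomes trusted markup for this view. I would add a comment above the span, e.g. `<!-- v-html: locale string is rendered as trusted markup; keep runtime values out of it -->`, and prefer the i18n library's component interpolation for the embedded tag if it offers one. In the last hunk the `includes(level + ' -')` test still runs on the raw `line`, which is fine because only `escaped` reaches the generated markup; the enclosing method starts and ends outside that hunk.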