From: moisseev <moiseev@mezonplus.ru>
Date: Tue, 9 Apr 2024 06:14:07 +0000 (+0300)
Subject: [WebUI] Escape HTML characters in errors history
X-Git-Tag: 3.9.0~74^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4913%2Fhead;p=thirdparty%2Frspamd.git

[WebUI] Escape HTML characters in errors history
---

diff --git a/interface/js/app/history.js b/interface/js/app/history.js
index 6366f67238..1859220873 100644
--- a/interface/js/app/history.js
+++ b/interface/js/app/history.js
@@ -262,6 +262,10 @@ define(["jquery", "app/common", "app/libft", "footable"],
                                 sortValue: item.ts
                             }
                         };
+                        for (const prop in item) {
+                            if (!{}.hasOwnProperty.call(item, prop)) continue;
+                            if (typeof item[prop] === "string") item[prop] = common.escapeHTML(item[prop]);
+                        }
                     });
                     if (Object.prototype.hasOwnProperty.call(common.tables, "errors")) {
                         common.tables.errors.rows.load(rows);
diff --git a/interface/js/app/libft.js b/interface/js/app/libft.js
index e45a1718d5..1e81cfd26e 100644
--- a/interface/js/app/libft.js
+++ b/interface/js/app/libft.js
@@ -491,9 +491,7 @@ define(["jquery", "app/common", "footable"],
                         });
                         break;
                     default:
-                        if (typeof item[prop] === "string") {
-                            item[prop] = common.escapeHTML(item[prop]);
-                        }
+                        if (typeof item[prop] === "string") item[prop] = common.escapeHTML(item[prop]);
                 }
             }