Fix escaping. Jtable shows (javascript-escaped) content. No other escaping is done on the content-field

For txt-records. First strip quotes surrounding the content and strip from slashes. Then, add slashes and quotes again. This maybe sub-optimal, but works for now.
2025-06-07 00:47:00 +03:00 · 2014-05-26 13:45:03 +02:00 · 2014-05-26 13:45:03 +02:00 · 2eed9b39c0
commit 2eed9b39c0
parent 2a6fd69192
2 changed files with 27 additions and 6 deletions
--- a/index.php
+++ b/index.php
@ -124,6 +124,22 @@ if (isset($templatelist)) {
 	<? } ?>
 </div>
 <script type="text/javascript">
+var entityMap = {
+    "&": "&amp;",
+    "<": "&lt;",
+    ">": "&gt;",
+    '"': '&quot;',
+    "'": '&#39;',
+    "/": '&#x2F;'
+};
+
+function escapeHtml(string) {
+    return String(string).replace(/[&<>"'\/]/g, function (s) {
+        return entityMap[s];
+    });
+};
+
+
 $(document).ready(function () {
 	<? if (is_adminuser()) { ?>
 	$('#Users').hide();
@ -241,7 +257,10 @@ $(document).ready(function () {
 										title: 'Prio'
 									},
 									content: {
-										title: 'Content'
+										title: 'Content',
+                                        display: function (data) {
+                                            return escapeHtml(data.value);
+                                        }
 									},
 									ttl: {
 										title: 'TTL'
@ -388,6 +407,9 @@ $(document).ready(function () {
 									content: {
 										title: 'Content',
 										create: true
+                                        display: function (data) {
+                                            return escapeHtml(data.value);
+                                        }
 									},
 									ttl: {
 										title: 'TTL',