do not read html tags in logs #1986

Closed
tomitomas wants to merge 1 commit into jeedom:alpha from tomitomas:alpha

@tomitomas
Contributor

If the log message contains HTML tags, then they are not displayed anymore in the "colorful" display.

before: [image]

after: [image]

https://community.jeedom.com/t/logs-colorees-ne-pas-afficher-les-tags-html/80130

@Mips2648
Collaborator

Mips2648 commented Mar 2, 2022

Hi,
I do agree this shouldn't be the case; this can cause an XSS exploit.
But I think we shouldn't limit to one char but instead use htmlspecialchars() server side on each line of log: htmlspecialchars(string $string, ENT_QUOTES)

Discussion on the topic on community: https://community.jeedom.com/t/logs-colorees-ne-pas-afficher-les-tags-html/80130/3
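
Added example, not part of the thread and not Jeedom's own code: a sketch of the server-side approach suggested above, escaping each log line with htmlspecialchars() before the colour markup is added. The function names, CSS class names, the `[LEVEL]` token format and the sample lines are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical level-to-CSS-class map; not Jeedom's actual class names.
const LEVEL_CLASSES = [
    'ERROR'   => 'log-error',
    'WARNING' => 'log-warning',
    'INFO'    => 'log-info',
    'DEBUG'   => 'log-debug',
];

// Escape one raw log line, then add the colour markup.
// Order matters: escaping after wrapping would also escape our own <span>.
function renderLogLine(string $line): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of making htmlspecialchars() return an empty string.
    $safe = htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Only the first [LEVEL] token is wrapped; the class comes from the
    // fixed map above, never from the log text itself.
    return preg_replace_callback(
        '/\[(ERROR|WARNING|INFO|DEBUG)\]/',
        static fn(array $m): string =>
            '<span class="' . LEVEL_CLASSES[$m[1]] . '">[' . $m[1] . ']</span>',
        $safe,
        1
    ) ?? $safe;
}

// Render a whole log buffer line by line for the coloured view.
function renderLog(string $raw): string
{
    $lines = preg_split('/\R/', $raw) ?: [];
    return implode("<br>\n", array_map('renderLogLine', $lines));
}

// Constructed sample lines (not taken from a real Jeedom log).
$sample = <<<'LOG'
[2022-03-02 10:15:01][INFO] : device name = <b>kitchen</b>
[2022-03-02 10:15:02][ERROR] : payload was <script>alert('x')</script>
LOG;

echo renderLog($sample), PHP_EOL;
```

The tags from the log text reach the browser as `&lt;b&gt;` and `&lt;script&gt;` entities, while the `<span>` added by the renderer stays live markup.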

@KiboOst
Collaborator

KiboOst commented Oct 16, 2022

Agree htmlspecialchars should be used for security. If anyone can do a PR, will have a look at it.

@KiboOst
Collaborator

KiboOst commented Jan 12, 2023

Integrated in alpha

@KiboOst KiboOst closed this Jan 12, 2023
@tomitomas
Contributor Author

Fix with 8d3e108
