From cc33732b18f14391763299f0d6bee6a573a4a16a Mon Sep 17 00:00:00 2001 From: Bad Date: Wed, 17 Jan 2024 14:09:39 +0100 Subject: [PATCH 1/2] Fix special chars in colored logs --- core/api/jeeApi.php | 2 +- core/class/log.class.php | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/core/api/jeeApi.php b/core/api/jeeApi.php index f10c50fc00..751d4a34af 100644 --- a/core/api/jeeApi.php +++ b/core/api/jeeApi.php @@ -110,7 +110,7 @@ if ($type == 'interact') { $query = init('query'); if (init('utf8', 0) == 1) { - $query = mb_convert_encoding($query, 'UTF-8', 'ISO-8859-1'); + $query = mb_convert_encoding($query, 'UTF-8'); } $param = array(); if (init('emptyReply') != '') { diff --git a/core/class/log.class.php b/core/class/log.class.php index b843f74af1..b25f0d3c25 100644 --- a/core/class/log.class.php +++ b/core/class/log.class.php @@ -246,8 +246,9 @@ public static function get($_log, $_begin, $_nbLines) { while ($log->valid() && $linesRead != $_nbLines) { $line = trim($log->current()); //get current line if ($line != '') { - $line = secureXSS($line); - array_unshift($page, mb_convert_encoding($line, 'UTF-8', 'ISO-8859-1')); + $line = htmlspecialchars($line, ENT_QUOTES | ENT_HTML5, 'UTF-8'); + $line = str_replace('&', '&', $line); + array_unshift($page, mb_convert_encoding($line, 'UTF-8')); } $log->next(); $linesRead++; From 60ef3134059d2db8976906f53a39b09720e2e67e Mon Sep 17 00:00:00 2001 From: Bad Date: Wed, 17 Jan 2024 19:40:30 +0100 Subject: [PATCH 2/2] Client-side html tag removal --- core/class/log.class.php | 2 -- core/js/log.class.js | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/core/class/log.class.php b/core/class/log.class.php index b25f0d3c25..7e9317054c 100644 --- a/core/class/log.class.php +++ b/core/class/log.class.php 
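Review bot: `mb_convert_encoding($query, 'UTF-8')` in the `init('utf8', 0) == 1` branch no longer names a source encoding, so PHP falls back to the mbstring internal encoding, which depends on server configuration. On a typical UTF-8 setup this becomes a UTF-8 to UTF-8 pass that no longer converts Latin-1 input, so the `utf8` flag presumably loses its purpose and the result can differ between installs. If the query is expected to be UTF-8 already, an explicit check is clearer, e.g. `if (!mb_check_encoding($query, 'UTF-8')) { $query = mb_convert_encoding($query, 'UTF-8', 'ISO-8859-1'); }`. The same implicit-source call is introduced in `log::get()` in core/class/log.class.php.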
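Review bot: `htmlspecialchars($line, ENT_QUOTES | ENT_HTML5, 'UTF-8')` in `log::get()` returns an empty string for any line that is not valid UTF-8, so such log entries would show up blank in the viewer. Adding `ENT_SUBSTITUTE` keeps the line and replaces only the invalid bytes: `$line = htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');`. The encoding conversion runs after the escaping, so it cannot repair the input in time. As rendered here the `str_replace` that follows has identical search and replacement strings; if it actually turns encoded ampersands back into `&`, a short comment explaining why entity references from the log file are let through would help. Patch 2/2 removes both lines again.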
@@ -246,8 +246,6 @@ public static function get($_log, $_begin, $_nbLines) { while ($log->valid() && $linesRead != $_nbLines) { $line = trim($log->current()); //get current line if ($line != '') { - $line = htmlspecialchars($line, ENT_QUOTES | ENT_HTML5, 'UTF-8'); - $line = str_replace('&', '&', $line); array_unshift($page, mb_convert_encoding($line, 'UTF-8')); } $log->next(); diff --git a/core/js/log.class.js b/core/js/log.class.js index 04c1825bc5..3d4e17da17 100644 --- a/core/js/log.class.js +++ b/core/js/log.class.js @@ -261,6 +261,7 @@ jeedom.log.autoupdate = function(_params) { } if (colorMe) { + log = log.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """).replace(/'/g, "'") if (isScenaroLog) { log = jeedom.log.scenarioColorReplace(log) } else { @@ -336,4 +337,4 @@ jeedom.log.scenarioColorReplace = function(_str) { _str = _str.split(jeedom.log.colorScReplacement[item]['txt']).join(jeedom.log.colorScReplacement[item]['replace'].replace('::', jeedom.log.colorScReplacement[item]['txt'])) } return _str -} \ No newline at end of file +}
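Review bot: The new escaping statement sits inside `if (colorMe) {`, while the PHP hunk in this patch removes the server-side `htmlspecialchars` call, so `log::get()` now returns raw log lines to every caller. The non-colored path of `jeedom.log.autoupdate` lies outside the hunk; if it writes `log` into the page as HTML, log content that contains markup would be interpreted by the browser. Moving the statement above `if (colorMe) {`, or rendering the plain path through `textContent`, keeps both paths encoded, with a comment such as `// log::get() returns unescaped lines: encode before inserting any markup`. The replacement strings of the chained `replace` calls are not legible in this rendering, so it cannot be confirmed from here that `<` is covered.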