diff --git a/src/journal/browse.html b/src/journal/browse.html
index 362611b1c2..f16e346d90 100644
--- a/src/journal/browse.html
+++ b/src/journal/browse.html
@@ -81,9 +81,10 @@
+ - live display
+ - keyboard navigation
+ - localstorage
+ - show red lines for reboots -->
@@ -189,8 +190,8 @@
var d = JSON.parse(event.currentTarget.responseText);
var title = document.getElementById("title");
- title.innerHTML = 'Journal of ' + d.hostname;
- document.title = 'Journal of ' + d.hostname;
+ title.innerHTML = 'Journal of ' + escapeHTML(d.hostname);
+ document.title = 'Journal of ' + escapeHTML(d.hostname);
var machine = document.getElementById("machine");
machine.innerHTML = 'Machine ID is ' + d.machine_id + ', current boot ID is ' + d.boot_id + '.';
@@ -204,10 +205,10 @@
usage.innerHTML = 'Disk usage is ' + formatBytes(parseInt(d.usage)) + '.';
var os = document.getElementById("os");
- os.innerHTML = 'Operating system is ' + d.os_pretty_name + '.';
+ os.innerHTML = 'Operating system is ' + escapeHTML(d.os_pretty_name) + '.';
var virtualization = document.getElementById("virtualization");
- virtualization.innerHTML = d.virtualization == "bare" ? "Running on bare metal." : "Running on virtualization " + d.virtualization + ".";
+ virtualization.innerHTML = d.virtualization == "bare" ? "Running on bare metal." : "Running on virtualization " + escapeHTML(d.virtualization) + ".";
}
function entriesLoad(range) {
@@ -298,14 +299,14 @@
buf += '| ';
if (d.SYSLOG_IDENTIFIER != undefined)
- buf += d.SYSLOG_IDENTIFIER;
+ buf += escapeHTML(d.SYSLOG_IDENTIFIER);
else if (d._COMM != undefined)
- buf += d._COMM;
+ buf += escapeHTML(d._COMM);
if (d._PID != undefined)
- buf += "[" + d._PID + "]";
+ buf += "[" + escapeHTML(d._PID) + "]";
else if (d.SYSLOG_PID != undefined)
- buf += "[" + d.SYSLOG_PID + "]";
+ buf += "[" + escapeHTML(d.SYSLOG_PID) + "]";
buf += ' | ';
@@ -345,15 +346,21 @@
var d = JSON.parse(event.currentTarget.responseText);
document.getElementById("diventry").style.display = "block";
-
entry = document.getElementById("tableentry");
var buf = "";
-
for (var key in d){
- buf += '| ' + key + ' | ' + d[key] + ' | ';
- }
+ var data = d[key];
+ if (data == null)
+ data = "[blob data]";
+ else if (data instanceof Array)
+ data = "[" + formatBytes(data.length) + " blob data]";
+ else
+ data = escapeHTML(data);
+
+ buf += '| ' + key + ' | ' + data + ' | ';
+ }
entry.innerHTML = '' + buf + '';
}
|