avoid CSS vulnerability in Job Queue page

2023-06-28 11:26:43 +01:00
parent 6375989bd5
commit 39562e0633
3 changed files with 5 additions and 4 deletions
--- a/share/views/ajax/admintask/jobqueue.tt
+++ b/share/views/ajax/admintask/jobqueue.tt
@@ -22,7 +22,7 @@
      [% ' class="nd_jobqueueitem success"' IF row.status == 'done' %]
      [% ' class="nd_jobqueueitem error"'   IF row.status == 'error' %]
      [% ' class="nd_jobqueueitem info"'    IF row.status.search('^queued-') %]
-      data-content="<pre>[% row.log | html_entity %]</pre>"
+      data-content="[% row.log | html_entity %]"
    >
      <td class="nd_center-cell">[% row.entered_stamp | html_entity %]</td>
      <td class="nd_center-cell">
--- a/share/views/js/admintask.js
+++ b/share/views/js/admintask.js
@@ -184,7 +184,7 @@
      $(this).qtip({
        overwrite: false,
        content: {
-          attr: 'data-content'
+          text: $('<span/>').text( $(this).attr("data-content") ).html()
        },
        show: {
          event: event.type,