thohlt/archtika
1
0
Fork 0
mirror of https://github.com/thiloho/archtika.git synced 2025-11-22 02:41:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Escape user input <ins> and <del> elements in logs

Browse Source
This commit is contained in:
thiloho
2025-04-06 16:43:12 +02:00
parent 70a81158ef
commit 5a6214878f
2 changed files with 10 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
web-app/src/routes/(authenticated)/website/[websiteId]/logs/+page.server.ts
View File

@@ -80,17 +80,18 @@ export const actions: Actions = {
const htmlDiff = (oldValue: string, newValue: string) => { const htmlDiff = (oldValue: string, newValue: string) => {
const diff = dmp.diff_main(oldValue, newValue); const diff = dmp.diff_main(oldValue, newValue);
dmp.diff_cleanupSemantic(diff);
return diff return diff
.map(([op, text]) => { .map(([op, text]) => {
const escapedText = text.replace(/</g, "&lt;").replace(/>/g, "&gt;");
switch (op) { switch (op) {
case 1: case 1:
return `<ins>${text}</ins>`; return `<ins>${escapedText}</ins>`;
case -1: case -1:
return `<del>${text}</del>`; return `<del>${escapedText}</del>`;
default: default:
return text; return escapedText;
} }
}) })
.join(""); .join("");

14
web-app/src/routes/(authenticated)/website/[websiteId]/logs/+page.svelte
View File

@@ -141,24 +141,20 @@
<button type="submit">Compute diff</button> <button type="submit">Compute diff</button>
</form> </form>
{#if form?.logId === id && form?.currentDiff} {#if form?.logId === id && form?.currentDiff}
<pre>{@html DOMPurify.sanitize( <pre>{@html form.currentDiff
// .replace takes escaped text representations of line breaks and converts them to real line breaks that render correctly in HTML .replace(/\\\"/g, '"')
form.currentDiff.replace(/\\r\\n|\\n|\\r/g, "\n").replace(/\\\"/g, '"'), .replace(/\\r\\n|\\n|\\r/g, "\n")}</pre>
{
ALLOWED_TAGS: ["ins", "del"]
}
)}</pre>
{/if} {/if}
{/if} {/if}
{#if new_value && !old_value} {#if new_value && !old_value}
<h4>New value</h4> <h4>New value</h4>
<pre>{DOMPurify.sanitize(newValue)}</pre> <pre>{newValue.replace(/\\\"/g, '"').replace(/\\r\\n|\\n|\\r/g, "\n")}</pre>
{/if} {/if}
{#if old_value && !new_value} {#if old_value && !new_value}
<h4>Old value</h4> <h4>Old value</h4>
<pre>{DOMPurify.sanitize(oldValue)}</pre> <pre>{oldValue.replace(/\\\"/g, '"').replace(/\\r\\n|\\n|\\r/g, "\n")}</pre>
{/if} {/if}
</Modal> </Modal>
</td> </td>