From fd2c6fd49e2a2e04bbc0ed2c282819c9fbf873d4 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 27 Dec 2023 13:13:03 +0000
Subject: [PATCH] fixing html sanitiation

---
 frontend/js/app/openappsec-log/list-all/item.js | 6 +++---
 frontend/js/app/openappsec-log/list-important/item.js | 3 ++-
 frontend/js/app/openappsec-log/list-notifications/item.js | 1 +
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/frontend/js/app/openappsec-log/list-all/item.js b/frontend/js/app/openappsec-log/list-all/item.js
index a65006f0..5ed43006 100644
--- a/frontend/js/app/openappsec-log/list-all/item.js
+++ b/frontend/js/app/openappsec-log/list-all/item.js
@@ -28,13 +28,13 @@ module.exports = Mn.View.extend({
 return '#' + (this.object_id || '?');
 },
-createSpecificTableCell: function(value) {
+createSpecificTableCell: function(value) {
 if (value && value.trim() !== '') {
+value = value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """).replace(/'/g, "'");
 return `${value}`;
 } else {
 return `-`;
 }
-}
-
+}
 }
 });
diff --git a/frontend/js/app/openappsec-log/list-important/item.js b/frontend/js/app/openappsec-log/list-important/item.js
index 22a358e5..49de809f 100644
--- a/frontend/js/app/openappsec-log/list-important/item.js
+++ b/frontend/js/app/openappsec-log/list-important/item.js
@@ -30,7 +30,8 @@ module.exports = Mn.View.extend({
 },
 createSpecificTableCell: function(value) {
 if (value && value.trim() !== '') {
-return `${value}`;
+value = value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """).replace(/'/g, "'");
+return `${value}`;
 } else {
 return `-`;
 }
diff --git a/frontend/js/app/openappsec-log/list-notifications/item.js b/frontend/js/app/openappsec-log/list-notifications/item.js
index 22a358e5..49933fe8 100644
--- a/frontend/js/app/openappsec-log/list-notifications/item.js
+++ b/frontend/js/app/openappsec-log/list-notifications/item.js
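Review bot: The escaping chain added inside `createSpecificTableCell` is pasted verbatim into three views (this hunk, list-important/item.js and list-notifications/item.js), so the set of escaped characters will drift the first time one copy is edited; move it into one shared helper and call `value = escapeHtml(value);` from each view instead. As rendered here the added line reads `replace(//g, ">")`, which JavaScript would parse as the start of a line comment, so the entity replacement strings appear to have been decoded by the page display — confirm in the actual source that the five replacements emit the entity names (`&amp;`, `&lt;`, `&gt;`, `&quot;`, `&#39;`) rather than the literal characters, otherwise the function leaves exactly the characters it is meant to neutralise untouched. The guard `value && value.trim() !== ''` also lets non-string values (numbers, objects) reach `.trim()` and throw, so coerce with `String(value)` before trimming and escaping, or document that callers must pass strings. Escaping in the cell builder only protects the text-node case; if the template output is later inserted as markup in an attribute or URL position, this escaping alone is not sufficient, so a short comment stating the intended insertion context would help reviewers of the three views. The enclosing `Mn.View.extend({` object starts before the hunk.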
@@ -30,6 +30,7 @@ module.exports = Mn.View.extend({
 },
 createSpecificTableCell: function(value) {
 if (value && value.trim() !== '') {
+value = value.replace(/&/g, "&").replace(//g, ">").replace(/"/g, """).replace(/'/g, "'");
 return `${value}`;
 } else {
 return `-`;