Closed GavG closed 11 months ago
The prepareContextForOutput method translates newlines to `<br/>` tags for display.
https://github.com/opcodesio/log-viewer/blob/main/resources/js/components/BaseLogTable.vue#L193
However, the output is then passed through the highlightSearchResult method:
https://github.com/opcodesio/log-viewer/blob/main/resources/js/helpers.js#L16
Which calls escapeHtml, escaping any added \<br> tags.
I suspect an additional:
.replace(/&lt;br\/&gt;/g, '<br/>');
call might solve the issue; I can't foresee this opening up an XSS vector.
Addressing in the above PR: https://github.com/opcodesio/log-viewer/pull/285
Thanks a lot for the report and the fix @GavG 💪 tagged a new release, v3.1.5
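The escape-then-restore approach proposed in the issue, as an added example (not code from the log-viewer repository or from anyone in this thread). `escapeHtml`, `prepareForOutput`, `renderSafe`, `liveTags` and `onlyLineBreaks` are hypothetical stand-ins and the sample strings are constructed; the check is that only an attribute-free `<br/>` ever comes back as live markup.

```javascript
// Hypothetical stand-in for the project's escapeHtml helper (assumption).
const escapeHtml = (text) =>
  String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');

// Newlines become <br/> before escaping, as the issue describes.
const prepareForOutput = (raw) => String(raw).replace(/\n/g, '<br/>');

// Escape everything, then restore only the exact escaped form of "<br/>".
const renderSafe = (raw) =>
  escapeHtml(prepareForOutput(raw)).replace(/&lt;br\/&gt;/g, '<br/>');

// Every substring that a browser would parse as a tag.
const liveTags = (html) => html.match(/<[^>]*>/g) || [];

// True when the rendered output contains no live markup other than <br/>.
const onlyLineBreaks = (raw) =>
  liveTags(renderSafe(raw)).every((tag) => tag === '<br/>');

// Constructed sample log contexts.
const samples = [
  'first line\nsecond line',               // normal multi-line context
  '<img src=x onerror=alert(1)>\nnext',    // markup in the log stays escaped
  '<br onclick="x">',                      // br with attributes is not restored
  '&lt;br/&gt;',                           // pre-escaped text is double-escaped, not restored
  '<br/>',                                 // literal <br/> in a log becomes a plain break
];

for (const raw of samples) {
  console.log(JSON.stringify(raw), '->', renderSafe(raw), onlyLineBreaks(raw));
}
```

The restore step is safe only while it matches the whole escaped tag exactly; loosening the pattern to accept attributes or other tag names would let log content back in as markup.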