grahamc/hydra - Change YOA2RTLEQ7VK5XJONABRY4K43VVAXDK3FGS5LI57QNOXAHZVFEBQC

plain-reload.tt: Properly escape tail content.

We're just implicitly escaping the tail content by not using .load() but explicitly setting the text content using .text(), so that escaping isn't needed on our side.

This should get rid of a few formatting errors and possibly XSS if someone manages to place JS code in the tail of a build and manages to lurk a user to that tail output.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

Created by aszlig on April 2, 2015

YOA2RTLEQ7VK5XJONABRY4K43VVAXDK3FGS5LI57QNOXAHZVFEBQC

Dependencies

[2] 3JBUMW3ECBQ5OARJEWPD7U5LIAIVGVMZUB7VG3ZLEWA3AV5EXDKQC

In channels

upstream

main

Change contents

Replacement in src/root/plain-reload.tt at line 12 [2.1]

B:BD[2.119] → [2.119:287]

 $(document).ready(function() {
     $("#contents").load("[% url %]");
   var refreshId = setInterval(function() {
      $("#contents").load("[% url %]");
   }, 5000);

[2.119]

[2.287]

function injectTail() {
    $.ajax({
        url: "[% url %]",
        dataType: "text",
        success: function (tail) {
            $("#contents").text(tail);
        }
    });
}
$(document).ready(function() {
    injectTail();
    setInterval(injectTail, 5000);