We're just implicitly escaping the tail content by not using .load() but explicitly setting the text content using .text(), so that escaping isn't needed on our side.
This should get rid of a few formatting errors and possibly XSS if someone manages to place JS code in the tail of a build and manages to lurk a user to that tail output.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
YOA2RTLEQ7VK5XJONABRY4K43VVAXDK3FGS5LI57QNOXAHZVFEBQC
$(document).ready(function() {
$("#contents").load("[% url %]");
var refreshId = setInterval(function() {
$("#contents").load("[% url %]");
}, 5000);
function injectTail() {
$.ajax({
url: "[% url %]",
dataType: "text",
success: function (tail) {
$("#contents").text(tail);
}
});
}
$(document).ready(function() {
injectTail();
setInterval(injectTail, 5000);