From 34d51577e3fd971785443db3ef52d643bc4a7e64 Mon Sep 17 00:00:00 2001
From: Stefal <stephane.peneau@wanadoo.fr>
Date: Sat, 25 Jan 2025 18:21:18 +0100
Subject: [PATCH] fix #450 (escaping html char)

---
 web_app/server.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/web_app/server.py b/web_app/server.py
index 6ed52d9..383c45f 100755
--- a/web_app/server.py
+++ b/web_app/server.py
@@ -39,6 +39,7 @@
 import requests
 import tempfile
 import argparse
+import html
 
 from threading import Thread
 from RTKLIB import RTKLIB
@@ -509,13 +510,13 @@ def diagnostic():
                                 universal_newlines=True,
                                 check=False)
         journalctl = subprocess.run(['journalctl', '--since', '7 days ago', '-u', service['service_unit']], 
-                                 stdout=subprocess.PIPE, 
+                                 stdout=subprocess.PIPE,
                                  universal_newlines=True,
                                  check=False)
         
         #Replace carrier return to <br> for html view
-        sysctl_status = sysctl_status.stdout.replace('\n', '<br>') 
-        journalctl = journalctl.stdout.replace('\n', '<br>')
+        sysctl_status = html.escape(sysctl_status.stdout.replace('\n', '<br>'))
+        journalctl = html.escape(journalctl.stdout.replace('\n', '<br>'))
         active_state = "Active" if service.get('active') == True else "Inactive"
         logs.append({'name' : service['service_unit'], 'active' : active_state, 'sysctl_status' : sysctl_status, 'journalctl' : journalctl})