Merge pull request #10965 from s-hadinger/zigbee_escape_html

Zigbee ensure HTML encoding
s-hadinger 2021-02-14 20:11:14 +01:00 committed by GitHub
commit 0e1ce79741
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 4 deletions


@ -142,6 +142,15 @@ bool Z_Mapper::addEdge(const Z_Mapper_Edge & edge2) {
return true; return true;
} }
String EscapeHTMLString(const char *s_P) {
String s((const __FlashStringHelper*) s_P);
s.replace(F("&"), F("&"));
s.replace(F("\""), F("""));
s.replace(F("<"), F("&lt;"));
s.replace(F(">"), F("&gt;"));
return s;
}
void Z_Mapper::dumpInternals(void) const { void Z_Mapper::dumpInternals(void) const {
WSContentSend_P(PSTR("nodes:[" "{id:\"0x0000\",label:\"Coordinator\",group:\"o\",title:\"0x0000\"}")); WSContentSend_P(PSTR("nodes:[" "{id:\"0x0000\",label:\"Coordinator\",group:\"o\",title:\"0x0000\"}"));
for (const auto & device : zigbee_devices.getDevices()) { for (const auto & device : zigbee_devices.getDevices()) {
@ -150,7 +159,7 @@ void Z_Mapper::dumpInternals(void) const {
const char *fname = device.friendlyName; const char *fname = device.friendlyName;
if (fname != nullptr) { if (fname != nullptr) {
WSContentSend_P(PSTR("%s"), fname); WSContentSend_P(PSTR("%s"), EscapeJSONString(fname).c_str());
} else { } else {
WSContentSend_P(PSTR("0x%04X"), device.shortaddr); WSContentSend_P(PSTR("0x%04X"), device.shortaddr);
} }


@ -1960,9 +1960,9 @@ void ZigbeeShow(bool json)
WSContentSend_PD(msg[ZB_WEB_STATUS_LINE], WSContentSend_PD(msg[ZB_WEB_STATUS_LINE],
shortaddr, shortaddr,
device.modelId ? device.modelId : "", device.modelId ? EscapeHTMLString(device.modelId).c_str() : "",
device.manufacturerId ? device.manufacturerId : "", device.manufacturerId ? EscapeHTMLString(device.manufacturerId).c_str() : "",
name, sbatt, slqi); EscapeHTMLString(name).c_str(), sbatt, slqi);
if(device.validLqi()) { if(device.validLqi()) {
for(uint32_t j = 0; j < 4; ++j) { for(uint32_t j = 0; j < 4; ++j) {