dmt: Escape unintended HTML entities

Signed-off-by: Malfurious <m@lfurio.us>

2 files changed, 8 insertions, 4 deletions

diff --git a/dmt/dmt b/dmt/dmt
index 2a12bff..f3e68f3 100755
--- a/dmt/dmt
+++ b/dmt/dmt
@@ -23,7 +23,11 @@ integer() {
     [ "$1" -eq "$1" ] >/dev/null 2>&1
 }
 
-escape() {
+escape_html() {
+    sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g; s/'"'"'/\&#39;/g'
+}
+
+escape_json() {
     sed 's/\\/\\\\/g; s/\r/\\r/g; s/\t/\\t/g; s/"/\\"/g' \
         | awk '{printf "%s\\n", $0}'
 }
@@ -76,7 +80,7 @@ api_job() {
         printf '"service":"%s",' "$(cat "$jobdir/service")"
         printf '"time":%i,' "$(cat "$jobdir/time")"
         printf '"result":"%s",' "$result"
-        printf '"log":"%s"}' "$(log_tail "$job" | escape)"
+        printf '"log":"%s"}' "$(log_tail "$job" | escape_json)"
     fi
 }
 
diff --git a/dmt/html/master.html b/dmt/html/master.html
index 8118ca0..570c511 100644
--- a/dmt/html/master.html
+++ b/dmt/html/master.html
@@ -2,7 +2,7 @@
 
 <html>
     <head>
-        <title>%($CYCHE_SITE_NAME%)</title>
+        <title>%{ echo -n "$CYCHE_SITE_NAME" | escape_html %}</title>
         <link rel="stylesheet" type="text/css" href="/style.css" />
     </head>
 
@@ -12,7 +12,7 @@
             | etc...
 
             <span class="right">
-                %($CYCHE_SITE_NAME%)
+                %{ echo -n "$CYCHE_SITE_NAME" | escape_html %}
                 <span id="nav_progress"></span>
             </span>
         </nav>