mirror of https://github.com/gophish/gophish
Starting to fix some validation issues.
parent
16b225b189
commit
9322d70fce
|
@ -136,8 +136,8 @@ function renderTimeline(data) {
|
||||||
"position": data[5]
|
"position": data[5]
|
||||||
}
|
}
|
||||||
results = '<div class="timeline col-sm-12 well well-lg">' +
|
results = '<div class="timeline col-sm-12 well well-lg">' +
|
||||||
'<h6>Timeline for ' + record.first_name + ' ' + record.last_name +
|
'<h6>Timeline for ' + escapeHtml(record.first_name) + ' ' + escapeHtml(record.last_name) +
|
||||||
'</h6><span class="subtitle">Email: ' + record.email + '</span>' +
|
'</h6><span class="subtitle">Email: ' + escapeHtml(record.email) + '</span>' +
|
||||||
'<div class="timeline-graph col-sm-6">'
|
'<div class="timeline-graph col-sm-6">'
|
||||||
$.each(campaign.timeline, function(i, event) {
|
$.each(campaign.timeline, function(i, event) {
|
||||||
if (!event.email || event.email == record.email) {
|
if (!event.email || event.email == record.email) {
|
||||||
|
@ -147,7 +147,7 @@ function renderTimeline(data) {
|
||||||
results +=
|
results +=
|
||||||
' <div class="timeline-icon ' + statuses[event.message].label + '">' +
|
' <div class="timeline-icon ' + statuses[event.message].label + '">' +
|
||||||
' <i class="fa ' + statuses[event.message].icon + '"></i></div>' +
|
' <i class="fa ' + statuses[event.message].icon + '"></i></div>' +
|
||||||
' <div class="timeline-message">' + event.message +
|
' <div class="timeline-message">' + escapeHtml(event.message) +
|
||||||
' <span class="timeline-date">' + moment(event.time).format('MMMM Do YYYY h:mm') + '</span>'
|
' <span class="timeline-date">' + moment(event.time).format('MMMM Do YYYY h:mm') + '</span>'
|
||||||
if (event.details) {
|
if (event.details) {
|
||||||
results += '<div class="timeline-event-details"><i class="fa fa-caret-right"></i> View Details</div>'
|
results += '<div class="timeline-event-details"><i class="fa fa-caret-right"></i> View Details</div>'
|
||||||
|
@ -161,8 +161,8 @@ function renderTimeline(data) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
results += ' <tr>'
|
results += ' <tr>'
|
||||||
results += ' <td>' + param + '</td>'
|
results += ' <td>' + escapeHtml(param) + '</td>'
|
||||||
results += ' <td>' + details.payload[param] + '</td>'
|
results += ' <td>' + escapeHtml(details.payload[param]) + '</td>'
|
||||||
results += ' </tr>'
|
results += ' </tr>'
|
||||||
})
|
})
|
||||||
results += ' </tbody></table>'
|
results += ' </tbody></table>'
|
||||||
|
@ -373,10 +373,10 @@ function load() {
|
||||||
resultsTable.row.add([
|
resultsTable.row.add([
|
||||||
result.id,
|
result.id,
|
||||||
"<i class=\"fa fa-caret-right\"></i>",
|
"<i class=\"fa fa-caret-right\"></i>",
|
||||||
result.first_name || "",
|
escapeHtml(result.first_name) || "",
|
||||||
result.last_name || "",
|
escapeHtml(result.last_name) || "",
|
||||||
result.email || "",
|
escapeHtml(result.email) || "",
|
||||||
result.position || "",
|
escapeHtml(result.position) || "",
|
||||||
"<span class=\"label " + label + "\">" + result.status + "</span>"
|
"<span class=\"label " + label + "\">" + result.status + "</span>"
|
||||||
]).draw()
|
]).draw()
|
||||||
if (!email_series_data[result.status]) {
|
if (!email_series_data[result.status]) {
|
||||||
|
@ -447,7 +447,7 @@ function load() {
|
||||||
cidx = $point.attr('meta')
|
cidx = $point.attr('meta')
|
||||||
html = "Event: " + campaign.timeline[cidx].message
|
html = "Event: " + campaign.timeline[cidx].message
|
||||||
if (campaign.timeline[cidx].email) {
|
if (campaign.timeline[cidx].email) {
|
||||||
html += '<br>' + "Email: " + campaign.timeline[cidx].email
|
html += '<br>' + "Email: " + escapeHtml(campaign.timeline[cidx].email)
|
||||||
}
|
}
|
||||||
$toolTip.html(html).show()
|
$toolTip.html(html).show()
|
||||||
});
|
});
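Review bot: Two values still reach HTML sinks unescaped on the new side: `campaign.timeline[cidx].message` in the tooltip hunk, which is concatenated into the string handed to `$toolTip.html(html)`, and `result.status` inside the label span in the `resultsTable.row.add` hunk. If either can carry recipient- or server-supplied text (not visible from these hunks), they need the same treatment as the neighbouring fields: `html = "Event: " + escapeHtml(campaign.timeline[cidx].message)` and `"<span class=\"label " + label + "\">" + escapeHtml(result.status) + "</span>"`. The `statuses[event.message].label` and `.icon` values land inside `class` attributes, so they should stay limited to the fixed lookup table rather than being escaped with this helper. Both `renderTimeline` and `load` continue outside the hunks shown, so other sinks in those functions should be checked as well.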
|
||||||
|
|
|
@ -26,6 +26,14 @@ function query(endpoint, method, data, async) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function escapeHtml(text){
|
||||||
|
return $("<div/>").text(text).html()
|
||||||
|
}
|
||||||
|
|
||||||
|
function unescapeHtml(html){
|
||||||
|
return $("<div/>").html(html).text()
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Define our API Endpoints
|
Define our API Endpoints
|
||||||
*/
|
*/
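Review bot: `unescapeHtml` feeds its argument to `.html()` on a `<div>`, which parses it as live markup, so element content such as inline event handlers can be processed even though the node is never attached to the document; decoding through an element whose content is parsed as text avoids that, e.g. `return $("<textarea/>").html(html).text()`. `escapeHtml` relies on `.text().html()`, which encodes `&`, `<` and `>` but not quote characters, so it is only safe for element content and not inside attribute values. A short comment on each helper stating these limits would help, for instance `// Escapes for HTML element content only; do not use inside attribute values.` above `escapeHtml`.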
|
||||||
|
|