From 5ead886fd6f09407ffce1eca0cd2eda6dbf4c8cf Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 18 Oct 2020 19:44:56 +0200
Subject: [PATCH] [Web] Escape To field in Rspamd history log

---
 data/web/js/site/debug.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/web/js/site/debug.js b/data/web/js/site/debug.js
index 83145e10..9bbe717e 100644
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@@ -514,10 +514,10 @@ jQuery(function($){
     if (table == 'rspamd_history') {
     $.each(data, function (i, item) {
       if (item.rcpt_mime != "") {
-        item.rcpt = item.rcpt_mime.join(", ");
+        item.rcpt = escapeHtml(item.rcpt_mime.join(", "));
       }
       else {
-        item.rcpt = item.rcpt_smtp.join(", ");
+        item.rcpt = escapeHtml(item.rcpt_smtp.join(", "));
       }
       item.symbols = Object.keys(item.symbols).sort(function (a, b) {
         if (item.symbols[a].score === 0) return 1