diff --git a/js/pihole/index.js b/js/pihole/index.js
index f67bf18a..5d22efdd 100644
--- a/js/pihole/index.js
+++ b/js/pihole/index.js
@@ -220,11 +220,28 @@ function updateQueryTypes() {
});
}
+// Credit: http://stackoverflow.com/questions/1787322/htmlspecialchars-equivalent-in-javascript/4835406#4835406
+function escapeHtml(text) {
+ var map = {
+ "&": "&",
+ "<": "<",
+ ">": ">",
+ "\"": """,
+ "\'": "'"
+ };
+
+ return text.replace(/[&<>"']/g, function(m) { return map[m]; });
+}
+
function updateTopClientsChart() {
$.getJSON("api.php?summaryRaw&getQuerySources", function(data) {
var clienttable = $('#client-frequency').find('tbody:last');
+ var domain;
for (domain in data.top_sources) {
- clienttable.append('
| ' + domain +
+ // Sanitize domain
+ domain = escapeHtml(domain);
+ var url = ""+domain+"";
+ clienttable.append(" |
| " + url +
' | ' + data.top_sources[domain] + ' | |
');
}
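Review bot: In `updateTopClientsChart` the loop overwrites its own key with `domain = escapeHtml(domain);` and then reads the count as `data.top_sources[domain]`, so any name containing `&`, `<`, `>`, `"` or `'` is looked up under the escaped string and renders `undefined`. Keep the raw key for the lookup and escape into a separate variable, e.g. `var safeDomain = escapeHtml(domain);`, using `safeDomain` only in the markup. The same pattern is repeated in the `top_queries` and `top_ads` loops of the next hunk. The anchor markup is not legible on this page, but if the name is also placed in a link's query string it needs `encodeURIComponent(domain)` there, because HTML escaping does not stop `&` or `#` from being read as URL syntax. The function body continues outside the hunk.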
@@ -260,14 +277,28 @@ function updateTopLists() {
$.getJSON("api.php?summaryRaw&topItems", function(data) {
var domaintable = $('#domain-frequency').find('tbody:last');
var adtable = $('#ad-frequency').find('tbody:last');
+ var url, domain;
for (domain in data.top_queries) {
- domaintable.append(' | ' + domain +
+ // Sanitize domain
+ domain = escapeHtml(domain);
+ if(domain !== "pi.hole")
+ {
+ url = ""+domain+"";
+ }
+ else
+ {
+ url = domain;
+ }
+ domaintable.append(" |
| " + url +
' | ' + data.top_queries[domain] + ' | |
');
}
for (domain in data.top_ads) {
- adtable.append(' | ' + domain +
+ // Sanitize domain
+ domain = escapeHtml(domain);
+ url = ""+domain+"";
+ adtable.append(" |
| " + url +
' | ' + data.top_ads[domain] + ' | |
');
}
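Review bot: The `if(domain !== "pi.hole")` branch has no comment saying why this one name is rendered as plain text while every other entry is wrapped in `url`. A one-line comment above the test would record the intent, for example `// pi.hole is shown without a link` followed by the reason, which the author should confirm. The comparison also runs on the already-escaped string, which works only because the literal contains none of the escaped characters. Testing the raw key before calling `escapeHtml` would not depend on that. The enclosing `updateTopLists` callback starts and ends outside the hunk.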
diff --git a/js/pihole/queries.js b/js/pihole/queries.js
index 29d388a1..e8af78a8 100644
--- a/js/pihole/queries.js
+++ b/js/pihole/queries.js
@@ -1,3 +1,14 @@
+var tableApi;
+
+function escapeRegex(text) {
+ var map = {
+ "(": "\\(",
+ ")": "\\)",
+ ".": "\\.",
+ };
+ return text.replace(/[().]/g, function(m) { return map[m]; });
+}
+
$(document).ready(function() {
tableApi = $('#all-queries').DataTable( {
"rowCallback": function( row, data, index ){
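Review bot: `escapeRegex` escapes only `(`, `)` and `.`, so every other regex metacharacter (`*`, `+`, `?`, `[`, `]`, `{`, `}`, `|`, `^`, `$`, `\`) passes through unchanged. The next hunk calls it on values read from `location.search` and hands the result to a DataTables regex search, where those characters can widen what the filter matches or make the pattern invalid. Escape the full set in one pass, `return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");`, which also makes the map unnecessary. DataTables provides `$.fn.dataTable.util.escapeRegex` for this purpose and could replace the helper. The new global `tableApi` has no comment saying why it must live outside the ready handler.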
@@ -40,6 +51,23 @@ $(document).ready(function() {
add(data[2],"black");
}
} );
+
+ // Do we want to filter queries?
+ var GETDict = {};
+ location.search.substr(1).split("&").forEach(function(item) {GETDict[item.split("=")[0]] = item.split("=")[1];});
+ if("client" in GETDict)
+ {
+ // Search in third column (zero indexed)
+ // Use regular expression to only show exact matches, i.e.
+ // don't show 192.168.0.100 when searching for 192.168.0.1
+ // true = use regex, false = don't use smart search
+ tableApi.column(3).search("^"+escapeRegex(GETDict["client"])+"$",true,false);
+ }
+ if("domain" in GETDict)
+ {
+ // Search in second column (zero indexed)
+ tableApi.column(2).search("^"+escapeRegex(GETDict["domain"])+"$",true,false);
+ }
} );
function refreshData() {
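Review bot: A parameter given without a value (`?client` or `?domain`) leaves `GETDict["client"]` undefined while `"client" in GETDict` is still true, so `escapeRegex` calls `.replace` on undefined and throws inside the ready handler. The values are also used exactly as they appear in the URL, so a percent-encoded name never matches the table text. Both are addressed when filling the dictionary: `var kv = item.split("="); if (kv.length > 1) { GETDict[kv[0]] = decodeURIComponent(kv[1]); }`, with the decode wrapped in `try`/`catch` because it throws on malformed escapes. Whether the column search takes effect without an explicit `.draw()` depends on when the table is first drawn, which is not visible here. The ready handler starts outside the hunk.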