From f20ceb01163d68012953e9cd161b8ff5d20589e3 Mon Sep 17 00:00:00 2001
From: Dan Johansson <dan.johansson@uzh.ch>
Date: Tue, 1 Sep 2020 14:02:19 +0200
Subject: [PATCH 1/2] Escape HTML

---
 collector/livestatus/NotificationData.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/collector/livestatus/NotificationData.go b/collector/livestatus/NotificationData.go
index dbc814f..a6ab6e8 100644
--- a/collector/livestatus/NotificationData.go
+++ b/collector/livestatus/NotificationData.go
@@ -6,6 +6,7 @@ import (
 	"github.com/griesbacher/nagflux/helper"
 	"github.com/griesbacher/nagflux/logging"
 	"strings"
+	"html"
 )
 
 //NotificationData adds notification types to the livestatus data
@@ -30,7 +31,7 @@ func (notification NotificationData) PrintForInfluxDB(version string) string {
 		if text := notificationToText(notification.notificationType); text != "" {
 			tags = ",type=" + text
 		}
-		value := fmt.Sprintf("%s:<br> %s", strings.TrimSpace(notification.notificationLevel), notification.comment)
+		value := fmt.Sprintf("%s:<br> %s", strings.TrimSpace(notification.notificationLevel), html.EscapeString(notification.comment))
 		return notification.genInfluxLineWithValue(tags, value)
 	}
 	logging.GetLogger().Criticalf("This influxversion [%f] given in the config is not supported", version)
@@ -41,7 +42,7 @@ func (notification NotificationData) PrintForInfluxDB(version string) string {
 func (notification NotificationData) PrintForElasticsearch(version, index string) string {
 	if helper.VersionOrdinal(version) >= helper.VersionOrdinal("2.0") {
 		text := notificationToText(notification.notificationType)
-		value := fmt.Sprintf("%s:<br> %s", strings.TrimSpace(notification.notificationLevel), notification.comment)
+		value := fmt.Sprintf("%s:<br> %s", strings.TrimSpace(notification.notificationLevel), html.EscapeString(notification.comment))
 		return notification.genElasticLineWithValue(index, text, value, notification.entryTime)
 	}
 	logging.GetLogger().Criticalf("This elasticsearchversion [%f] given in the config is not supported", version)

From 3a6fe30ee8d9e2e37f80ad49c639f29da389ace2 Mon Sep 17 00:00:00 2001
From: Dan Johansson <dan.johansson@uzh.ch>
Date: Tue, 1 Sep 2020 14:42:53 +0200
Subject: [PATCH 2/2] Update NotificationData.go

---
 collector/livestatus/NotificationData.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/collector/livestatus/NotificationData.go b/collector/livestatus/NotificationData.go
index a6ab6e8..6c3dbbf 100644
--- a/collector/livestatus/NotificationData.go
+++ b/collector/livestatus/NotificationData.go
@@ -5,8 +5,8 @@ import (
 	"github.com/griesbacher/nagflux/collector"
 	"github.com/griesbacher/nagflux/helper"
 	"github.com/griesbacher/nagflux/logging"
-	"strings"
 	"html"
+	"strings"
 )
 
 //NotificationData adds notification types to the livestatus data