From 9bed6cf9fd52810542167ea6b19cc8378c65e241 Mon Sep 17 00:00:00 2001
From: antisnatchor <antisnatchor@b87d56ec-f9c0-11de-8c8a-61c5e9addfc9>
Date: Wed, 2 Nov 2011 15:15:24 +0000
Subject: [PATCH] "Allowing" <br> tag when output escaping content in the
 command module output.

git-svn-id: https://beef.googlecode.com/svn/trunk@1391 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
 extensions/admin_ui/media/javascript/ui/panel/common.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions/admin_ui/media/javascript/ui/panel/common.js b/extensions/admin_ui/media/javascript/ui/panel/common.js
index bf8146636..64879de79 100644
--- a/extensions/admin_ui/media/javascript/ui/panel/common.js
+++ b/extensions/admin_ui/media/javascript/ui/panel/common.js
@@ -260,8 +260,8 @@ function genExisingExploitPanel(panel, command_id, zombie, sb) {
 							for(index in record.data.data) {
 								result = record.data.data[index];
 								index = index.toString().replace('_', ' ');
-								
-								html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result));
+                                //output escape everything, but allow the <br> tag for better rendering.
+								html += String.format('<b>{0}</b>: {1}<br>', index, $jEncoder.encoder.encodeForHTML(result).replace(/&lt;br&gt;/g,'<br>'));
 							}
 							
 							html += '</p>';