Escape html markup in log message

server-core/src/main/java/io/onedev/server/ci/job/log/DefaultLogManager.java

@@ -32,7 +32,6 @@ import org.joda.time.format.DateTimeFormat;
 import org.joda.time.format.DateTimeFormatter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.unbescape.html.HtmlEscape;
 
 import com.google.common.base.Charsets;
 import com.google.common.base.Splitter;
@@ -156,7 +155,7 @@ public class DefaultLogManager implements LogManager {
 				try {
 					if (throwable != null) {
 						for (String line: Splitter.on(EOL_PATTERN).split(Throwables.getStackTraceAsString(throwable)))
-							message += "\n    " + HtmlEscape.escapeHtml5(line);
+							message += "\n    " + line;
 					}
 							
 					if (message.startsWith(LogInstruction.PREFIX)) {

server-core/src/main/java/io/onedev/server/web/component/build/log/build-log.js

@@ -8,11 +8,13 @@ onedev.server.buildLog = {
         onedev.server.buildLog.appendLogEntries(containerId, logEntries, maxNumOfLogEntries);
     },
     renderLogEntry: function(logEntry) {
-        return "<div class='log-entry " + logEntry.level + "'>" + 
-                "<span class='date'>" + moment(logEntry.date).format("HH:mm:ss") + "</span>" + 
-                "<span class='log-level'>" + logEntry.level + "</span>" + 
-                "<span class='message'>" + logEntry.message + "</span>" + 
-            "</div>";
+		var $logEntry = $("<div class='log-entry " + logEntry.level + "'></div>");
+		$logEntry.append("<span class='date'>" + moment(logEntry.date).format("HH:mm:ss") + "</span>");
+		$logEntry.append("<span class='log-level'>" + logEntry.level + "</span>");
+		var $message = $("<span class='message'></span>");
+		$message.text(logEntry.message);
+		$logEntry.append($message); 
+		return $logEntry;
     },
     appendLogEntries: function(containerId, logEntries, maxNumOfLogEntries) {
         var $buildLog = $("#" + containerId + ">.build-log");