[enh] there should be a minimal auth

public/css/site.css

@@ -0,0 +1,20 @@
+
+/* 
+    Created on : 16 mai 2020
+    Author     : alban
+*/
+
+.log {
+    margin-bottom: 10px;
+    border-top: 1px solid #eee;
+    padding-top: 6px;
+}
+
+.log h4 {
+    white-space: pre;
+    font-family: monospace;
+}
+
+.log p {
+    color: #666;
+}

public/js/app.js

@@ -1,24 +1,37 @@
-/* global initData */
+/* global initData, authorizationToken */
 
+// List of HTML entities for escaping.
+var htmlEscapes = {
+  '&': '&',
+  '<': '&lt;',
+  '>': '&gt;',
+  '"': '&quot;',
+  "'": '&#x27;',
+  '/': '&#x2F;'
+};
 
-/**
- * 
- * @type type
- */
-const serviceContainer = {};
+// Regex containing the keys listed immediately above.
+var htmlEscaper = /[&<>"'\/]/g;
 
+// Escape a string for HTML interpolation.
+escape = function(string) {
+  return ('' + string).replace(htmlEscaper, function(match) {
+    return htmlEscapes[match];
+  });
+};
 
 function updatePage(data){
   
   var content = "";
   $.each(data.hits.hits, (k,v)=>{
     var item = v._source;
+    
     content += `
 
     <div class="log row-fluid">
       <div class="span9">
-        <p>${item.created_at} ${item.author} ${item.server} 
-        <h4> ${item.content}</h4>
+        <p>${escape(item.created_at)} -- ${escape(item.author)} -- ${escape(item.server)} 
+        <h4> ${escape(item.content)}</h4>
       </span>
     </div>
     `;
@@ -27,12 +40,17 @@ function updatePage(data){
   
 }
 
-$("input").on("keydown",function(e){
+$("input").on("keyup",function(e){
   const el = $(e.target);
   const val = el.val();
   if( val.length < 3 ){ return; }
   $.ajax("/search",{
-    data: {q:val}
+    beforeSend: function(request) {
+    request.setRequestHeader("authorizationToken", authorizationToken);
+    },
+    data: {
+      q:val,
+    }
   })  
   .done(function(data) {
     updatePage(data);