From 8db5cb22d5b49baeaedc731aff381ed8f18091c0 Mon Sep 17 00:00:00 2001 From: hskwon Date: Tue, 2 Dec 2025 09:43:47 +0900 Subject: [PATCH] =?UTF-8?q?=EC=9D=BC=EC=9D=BC=20=EC=8A=A4=ED=81=AC?= =?UTF-8?q?=EB=9F=BC=20=EC=95=84=EC=BD=94=EB=94=94=EC=96=B8=20nl2br=20?= =?UTF-8?q?=EC=A0=81=EC=9A=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - escapeHtml/nl2br 헬퍼 함수 추가 - 요약(summary) 줄바꿈 처리 - 항목 내용(content) 줄바꿈 처리 - XSS 방지를 위한 HTML 이스케이프 처리 --- resources/views/daily-logs/index.blade.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/resources/views/daily-logs/index.blade.php b/resources/views/daily-logs/index.blade.php index 4940cbb5..158bb163 100644 --- a/resources/views/daily-logs/index.blade.php +++ b/resources/views/daily-logs/index.blade.php @@ -188,6 +188,19 @@ class="bg-white rounded-lg shadow-sm overflow-hidden"> // 담당자 데이터 const assignees = @json($assignees); + // HTML 이스케이프 및 줄바꿈 처리 헬퍼 + function escapeHtml(text) { + if (!text) return ''; + const div = document.createElement('div'); + div.textContent = text; + return div.innerHTML; + } + + function nl2br(text) { + if (!text) return ''; + return escapeHtml(text).replace(/\n/g, '
'); + } + // 폼 제출 시 HTMX 이벤트 트리거 document.getElementById('filterForm').addEventListener('submit', function(e) { e.preventDefault(); @@ -575,7 +588,7 @@ function renderTableAccordionContent(logId, log) { ${entry.assignee_name} ${statusLabels[entry.status]} -
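Review bot: `escapeHtml` in this hunk relies on `div.innerHTML` serialization, which escapes `&`, `<` and `>` but leaves `"` and `'` untouched, so its output is safe only as element text and not inside an attribute value. The name reads as a general-purpose escaper, and a later caller interpolating it into a quoted attribute would reintroduce the injection this commit is meant to prevent. The `if (!text) return '';` guard also turns a numeric `0` into an empty string. A string-based version that escapes all five characters and treats only null/undefined as empty avoids both problems and needs no DOM node per call; `nl2br` can stay as it is.

```javascript
function escapeHtml(text) {
    if (text == null) return '';
    return String(text).replace(/[&<>"']/g, (ch) => ({
        '&': '&amp;',
        '<': '&lt;',
        '>': '&gt;',
        '"': '&quot;',
        "'": '&#39;',
    })[ch]);
}
// … unchanged: nl2br …
```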

${entry.content}

+

${nl2br(entry.content)}

${entry.status !== 'todo' ? ` @@ -602,7 +615,7 @@ function renderTableAccordionContent(logId, log) { contentDiv.innerHTML = `
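Review bot: The same template literal still interpolates `${entry.assignee_name}` and `${statusLabels[entry.status]}` without escaping, in the context lines just above the changed `entry.content` line, so the XSS protection described in the commit message covers only part of the row. If assignee names come from user-editable data and this string ends up in `innerHTML` (as the `contentDiv.innerHTML` assignment in the next hunk suggests), that field should go through the helper too: `${escapeHtml(entry.assignee_name)}`. An unknown `entry.status` would also render the literal text `undefined`; `${statusLabels[entry.status] ?? ''}` avoids that. `renderTableAccordionContent` starts and ends outside this hunk, so its other interpolations are worth the same check.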
- ${log.summary ? `
${log.summary}
` : ''} + ${log.summary ? `
${nl2br(log.summary)}
` : ''}
${entriesHtml}