Timestamp:
6 Apr 2016, 11:17:16 (8 years ago)
Author:
Henrik Bettermann
Message:

Escape HTML in Logfiles when displayed in Browser.

When logfiles are displayed in the datacenter, HTML tags
contained in them should show up as literal tags and not be
rendered by the browser. We therefore pass the logfile
contents through cgi.escape before they are displayed.

See r13495 and r13496.

Location:
main/waeup.ikoba/trunk/src/waeup/ikoba/browser
Files:
3 edited

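--- a/main/waeup.ikoba/trunk/src/waeup/ikoba/browser/pages.py
+++ b/main/waeup.ikoba/trunk/src/waeup/ikoba/browser/pages.py
@@ -20,4 +20,5 @@
 # XXX: All csv ops should move to a dedicated module soon
 import unicodecsv as csv
+import cgi
 import grok
 import os
@@ -1561,6 +1562,6 @@
             return
         try:
-            self.result = ''.join(
-                self.context.queryLogfiles(logname, query))
+            self.result = cgi.escape(
+                ''.join(self.context.queryLogfiles(logname, query)))
         except ValueError:
             self.flash(_('Invalid search expression.'), type='danger')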
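Review bot: `cgi.escape` is called with its default `quote=False`, so double quotes in the logfile text pass through unescaped; that is harmless while the template interpolates `self.result` into element content, but it breaks the moment the value lands in an attribute, so `cgi.escape(''.join(...), quote=True)` is the safer habit at no cost. Escaping in the view also implies the template renders `self.result` unescaped (presumably via `structure:`); the alternative worth weighing is to drop that and let the template engine escape, which keeps the escaping decision in one place. `cgi.escape` is deprecated since Python 3.2 and gone in 3.8; this tree looks like Python 2 (unicodecsv, grok), but a port would need `html.escape`, which quotes by default. The enclosing method starts and ends outside the hunk, so whether `self.result` gets a default on the `ValueError` path is not visible here.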
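--- a/main/waeup.ikoba/trunk/src/waeup/ikoba/browser/pdf.py
+++ b/main/waeup.ikoba/trunk/src/waeup/ikoba/browser/pdf.py
@@ -94,5 +94,5 @@
     fontName='Helvetica',
     fontSize=10,
-    leading=9,
+    #leading=9,
     )
 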
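Review bot: Commenting out `leading=9` leaves dead code in the style definition and gives no hint why the ReportLab default leading is now preferred; either delete the line or replace it with a comment stating the reason, e.g. `# leading left at the ReportLab default (explicit 9pt was too tight for fontSize=10)` if that is indeed the motivation. This change is also unrelated to the escaping described in the commit message and would be easier to trace as its own commit. The style definition this belongs to starts outside the hunk.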
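--- a/main/waeup.ikoba/trunk/src/waeup/ikoba/browser/tests/test_browser.py
+++ b/main/waeup.ikoba/trunk/src/waeup/ikoba/browser/tests/test_browser.py
@@ -1,2 +1,3 @@
+# -*- coding: utf-8 -*-
 ## $Id: test_browser.py 12840 2015-04-01 08:35:16Z henrik $
 ##
@@ -91,4 +92,36 @@
             shutil.rmtree(os.path.dirname(job.result))
 
+    def test_logs_listed(self):
+        # existing logfiles are listed in logs overview
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        log_path = os.path.join(
+            self.app['datacenter'].storage, 'logs', 'myspecial.log')
+        with open(log_path, "a") as fd:
+            fd.write("SOME FOO IN LOGFILE")
+        self.browser.open(self.datacenter_path + "/logs")
+        assert "myspecial.log" in self.browser.contents
+
+    def test_view_log(self):
+        # single logfiles can be watched (with filter regexp)
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        log_path = os.path.join(
+            self.app['datacenter'].storage, 'logs', 'myspecial.log')
+        with open(log_path, "a") as fd:
+            fd.write("SOME FOO IN LOGFILE")
+        self.browser.open(
+            self.datacenter_path + "/@@show/?logname=myspecial.log&query=.*")
+        assert "SOME FOO IN LOGFILE" in self.browser.contents
+
+    def test_html_in_logs_escaped(self):
+        # HTML code in logfiles is escaped before output.
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        log_path = os.path.join(
+            self.app['datacenter'].storage, 'logs', 'myspecial.log')
+        with open(log_path, "a") as fd:
+            fd.write("SOME <TAG> AND ÜMLÄUTS IN LOG")
+        self.browser.open(
+            self.datacenter_path + "/@@show/?logname=myspecial.log&query=.*")
+        assert "SOME &lt;TAG&gt; AND ÜMLÄUTS IN LOG" in self.browser.contents
+
     def test_user_data_import_permission(self):
         upload_path = 'http://localhost/app/datacenter/upload'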
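Review bot: `test_html_in_logs_escaped` only asserts that the escaped form appears; it never asserts that the raw `<TAG>` is absent, so a page that additionally echoed the unescaped text would still pass — add `assert "<TAG>" not in self.browser.contents` after the existing assertion. The fixture also exercises only `<` and `>`; writing `"SOME <TAG> & \"QUOTE\""` and expecting `&lt;TAG&gt; &amp;` would pin the `&` handling too, and would make it visible that quotes are currently left alone by `cgi.escape`'s default. The three new tests repeat the same header/path/append setup; a small helper such as `def _write_log(self, text):` that appends to `myspecial.log` and returns its path would shorten each of them to three lines. The log is opened in mode `"a"`, which is fine only if the datacenter storage is recreated for each test; the fixture that would show this is outside the hunk.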