External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-14 03:10:42 -03:30
Code Issues Packages Projects Releases Wiki Activity

Add encoding of html entities in stdout from the API

Browse Source
This commit is contained in:
gconsidine 2018-03-09 15:30:44 -05:00 committed by Jake McDermott
parent c9612b8c75
commit 81c85913ac
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
awx/ui/client/features/output/render.service.js
View File

@ -1,5 +1,6 @@
import Ansi from 'ansi-to-html';
import hasAnsi from 'has-ansi';
import Entities from 'html-entities';
const ELEMENT_TBODY = '#atStdoutResultTable';
const EVENT_START_TASK = 'playbook_on_task_start';
@ -18,6 +19,7 @@ const TIME_EVENTS = [
];
const ansi = new Ansi();
const entities = new Entities.AllHtmlEntities();
function JobRenderService ($q, $sce, $window) {
this.init = ({ compile, apply, get }) => {
@ -60,7 +62,7 @@ function JobRenderService ($q, $sce, $window) {
return { html: '', count: 0 };
}
const { stdout } = event;
const stdout = this.sanitize(event.stdout);
const lines = stdout.split('\r\n');
let count = lines.length;
@ -72,6 +74,7 @@ function JobRenderService ($q, $sce, $window) {
ln++;
const isLastLine = i === lines.length - 1;
let row = this.createRow(current, ln, line);
if (current && current.isTruncated && isLastLine) {
@ -218,7 +221,7 @@ function JobRenderService ($q, $sce, $window) {
this.insert = (events, insert) => {
const result = this.transformEventGroup(events);
const html = this.sanitize(result.html);
const html = this.trustHtml(result.html);
return this.requestAnimationFrame(() => insert(html))
.then(() => this.compile(html))
@ -264,14 +267,12 @@ function JobRenderService ($q, $sce, $window) {
};
this.prepend = events => this.insert(events, html => this.el.prepend(html));
this.append = events => this.insert(events, html => this.el.append(html));
// TODO: stdout from the API should not be trusted.
this.sanitize = html => {
html = $sce.trustAsHtml(html);
this.trustHtml = html => $sce.getTrustedHtml($sce.trustAsHtml(html));
return $sce.getTrustedHtml(html);
};
this.sanitize = html => entities.encode(html);
}
JobRenderService.$inject = ['$q', '$sce', '$window'];

1
awx/ui/package.json
View File

@ -115,6 +115,7 @@
"components-font-awesome": "^4.6.1",
"d3": "~3.3.13",
"has-ansi": "^3.0.0",
"html-entities": "^1.2.1",
"javascript-detect-element-resize": "^0.5.3",
"jquery": "~2.2.4",
"jquery-ui": "^1.12.1",