Add encoding of html entities in stdout from the API

gconsidine
2018-03-09 15:30:44 -05:00
committed by Jake McDermott
parent c9612b8c75
commit 81c85913ac
2 changed files with 9 additions and 7 deletions


@@ -1,5 +1,6 @@
import Ansi from 'ansi-to-html'; import Ansi from 'ansi-to-html';
import hasAnsi from 'has-ansi'; import hasAnsi from 'has-ansi';
import Entities from 'html-entities';
const ELEMENT_TBODY = '#atStdoutResultTable'; const ELEMENT_TBODY = '#atStdoutResultTable';
const EVENT_START_TASK = 'playbook_on_task_start'; const EVENT_START_TASK = 'playbook_on_task_start';
@@ -18,6 +19,7 @@ const TIME_EVENTS = [
]; ];
const ansi = new Ansi(); const ansi = new Ansi();
const entities = new Entities.AllHtmlEntities();
function JobRenderService ($q, $sce, $window) { function JobRenderService ($q, $sce, $window) {
this.init = ({ compile, apply, get }) => { this.init = ({ compile, apply, get }) => {
@@ -60,7 +62,7 @@ function JobRenderService ($q, $sce, $window) {
return { html: '', count: 0 }; return { html: '', count: 0 };
} }
const { stdout } = event; const stdout = this.sanitize(event.stdout);
const lines = stdout.split('\r\n'); const lines = stdout.split('\r\n');
let count = lines.length; let count = lines.length;
@@ -72,6 +74,7 @@ function JobRenderService ($q, $sce, $window) {
ln++; ln++;
const isLastLine = i === lines.length - 1; const isLastLine = i === lines.length - 1;
let row = this.createRow(current, ln, line); let row = this.createRow(current, ln, line);
if (current && current.isTruncated && isLastLine) { if (current && current.isTruncated && isLastLine) {
@@ -218,7 +221,7 @@ function JobRenderService ($q, $sce, $window) {
this.insert = (events, insert) => { this.insert = (events, insert) => {
const result = this.transformEventGroup(events); const result = this.transformEventGroup(events);
const html = this.sanitize(result.html); const html = this.trustHtml(result.html);
return this.requestAnimationFrame(() => insert(html)) return this.requestAnimationFrame(() => insert(html))
.then(() => this.compile(html)) .then(() => this.compile(html))
@@ -264,14 +267,12 @@ function JobRenderService ($q, $sce, $window) {
}; };
this.prepend = events => this.insert(events, html => this.el.prepend(html)); this.prepend = events => this.insert(events, html => this.el.prepend(html));
this.append = events => this.insert(events, html => this.el.append(html)); this.append = events => this.insert(events, html => this.el.append(html));
// TODO: stdout from the API should not be trusted. this.trustHtml = html => $sce.getTrustedHtml($sce.trustAsHtml(html));
this.sanitize = html => {
html = $sce.trustAsHtml(html);
return $sce.getTrustedHtml(html); this.sanitize = html => entities.encode(html);
};
} }
JobRenderService.$inject = ['$q', '$sce', '$window']; JobRenderService.$inject = ['$q', '$sce', '$window'];
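Review bot: `trustHtml` in the last hunk wraps the assembled markup in `$sce.trustAsHtml` and immediately unwraps it, so the string handed to `insert` and `compile` is never sanitized as a whole; the only encoding visible here is the one applied to `event.stdout`. Any other API-derived value that `createRow` or `transformEventGroup` interpolates into `result.html` would need to go through `this.sanitize` too, though their bodies are outside these hunks, so that is inferred. The removed TODO was the only record of this trust boundary, so I would put a comment on `trustHtml` such as `// Bypasses $sanitize: every API-derived value in this markup must already be encoded with this.sanitize().` Because the same markup is passed to `this.compile`, it is also worth confirming that literal `{{ }}` in job output cannot be evaluated as an Angular expression, since entity encoding probably leaves braces untouched. A test that encodes multi-line stdout would show whether `split('\r\n')` still sees the line breaks now that encoding runs before the split.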


@@ -115,6 +115,7 @@
"components-font-awesome": "^4.6.1", "components-font-awesome": "^4.6.1",
"d3": "~3.3.13", "d3": "~3.3.13",
"has-ansi": "^3.0.0", "has-ansi": "^3.0.0",
"html-entities": "^1.2.1",
"javascript-detect-element-resize": "^0.5.3", "javascript-detect-element-resize": "^0.5.3",
"jquery": "~2.2.4", "jquery": "~2.2.4",
"jquery-ui": "^1.12.1", "jquery-ui": "^1.12.1",