On Tue, 2019-11-12 at 16:32 +0800, [email protected] wrote: > From: Changqing Li <[email protected]> > > when we have below content in local.conf or auto.conf: > BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <[email protected]>" > send-error-report will fail with "HTTP Error 500: OK" > > error-report-web do rudimentary check on all fields that are > passed to the graphs page to avoid any XSS happening, if contains > '<', the server will return error(Invalid characters in json). > fixed by use escape of <> to replace it. > > NOTE: with this change, error-report-web need to add filter 'safe' > for the string wanted to display to avoid further HTML escaping > prior to output. Below is how the content displayed on webpage: > with the filter 'safe': > BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <[email protected]>" > without the filter 'safe': > BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <[email protected]>" > > Another patch for error-report-web will send to yocto mail list. > > [YOCTO #13252] >
This patch fixes my problem. LGTM > Signed-off-by: Changqing Li <[email protected]> > --- > meta/classes/report-error.bbclass | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/classes/report-error.bbclass b/meta/classes/report- > error.bbclass > index 1a12db1..6046867 100644 > --- a/meta/classes/report-error.bbclass > +++ b/meta/classes/report-error.bbclass > @@ -36,6 +36,7 @@ def get_conf_data(e, filename): > continue > else: > jsonstring=jsonstring + line > + jsonstring = jsonstring.replace("<", "<").replace(">", > ">") > return jsonstring > > python errorreport_handler () { > -- > 2.7.4 > -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
