On Wed, 2019-12-04 at 08:25 +0800, Changqing Li wrote:
> ping

There was a reply from Paul Eggleton about the server side of this patch, were those issues addressed?

Cheers,

Richard

> On 11/12/19 4:32 PM, [email protected] wrote:
> > From: Changqing Li <[email protected]>
> >
> > when we have below content in local.conf or auto.conf:
> > BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <[email protected]>"
> > send-error-report will fail with "HTTP Error 500: OK"
> >
> > error-report-web do rudimentary check on all fields that are
> > passed to the graphs page to avoid any XSS happening, if contains
> > '<', the server will return error(Invalid characters in json).
> > fixed by use escape of <> to replace it.
> >
> > NOTE: with this change, error-report-web need to add filter 'safe'
> > for the string wanted to display to avoid further HTML escaping
> > prior to output. Below is how the content displayed on webpage:
> > with the filter 'safe':
> > BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <[email protected]>"
> > without the filter 'safe':
> > BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <[email protected]>"
> >
> > Another patch for error-report-web will send to yocto mail list.
> >
> > [YOCTO #13252]
> >
> > Signed-off-by: Changqing Li <[email protected]>
> > --- > > meta/classes/report-error.bbclass | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/meta/classes/report-error.bbclass > > b/meta/classes/report-error.bbclass > > index 1a12db1..6046867 100644 > > --- a/meta/classes/report-error.bbclass > > +++ b/meta/classes/report-error.bbclass > > @@ -36,6 +36,7 @@ def get_conf_data(e, filename): > > continue > > else: > > jsonstring=jsonstring + line > > + jsonstring = jsonstring.replace("<", "<").replace(">", > > ">") > > return jsonstring > > > > python errorreport_handler () {
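
Review bot: The added line in get_conf_data() moves HTML escaping to the submitting client, and the commit message then asks error-report-web to mark the field 'safe', which switches off output escaping for a value that any client controls. A client that posts without this substitution would then be stopped only by the server's "Invalid characters in json" check, so that check becomes the sole XSS defence for the field. I would keep the template's normal escaping on the server and resolve the rejection of '<' there, rather than pre-escaping in report-error.bbclass. Two smaller points on the same line: as it is rendered in this message, both replace() calls have identical first and second arguments, so the '<' in BUILDHISTORY_COMMIT_AUTHOR would still be sent unchanged; and '&' is not handled, so text that already contains an entity cannot be told apart from text this line escaped.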
