On 12/4/19 4:16 PM, Richard Purdie wrote:
On Wed, 2019-12-04 at 08:25 +0800, Changqing Li wrote:
ping
There was a reply from Paul Eggleton about the server side of this
patch, were those issues addressed?

Cheers,

Richard

I must have missed the reply :-[, I will check it.

Thanks.


BRs

Sandy

On 11/12/19 4:32 PM, [email protected] wrote:
From: Changqing Li <[email protected]>

When we have the below content in local.conf or auto.conf:
BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <[email protected]>"
send-error-report will fail with "HTTP Error 500: OK"

error-report-web does a rudimentary check on all fields that are
passed to the graphs page to avoid any XSS happening; if a field contains
'<', the server will return an error (Invalid characters in json).
Fixed by using the escaped form of <> to replace it.

NOTE: with this change, error-report-web needs to add the filter 'safe'
for the string to be displayed, to avoid further HTML escaping
prior to output. Below is how the content is displayed on the webpage:
with the filter 'safe':
BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <[email protected]>"
without the filter 'safe':
BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj &lt;[email protected]&gt;"

Another patch for error-report-web will be sent to the yocto mailing list.

[YOCTO #13252]

Signed-off-by: Changqing Li <[email protected]>
---
   meta/classes/report-error.bbclass | 1 +
   1 file changed, 1 insertion(+)

diff --git a/meta/classes/report-error.bbclass
b/meta/classes/report-error.bbclass
index 1a12db1..6046867 100644
--- a/meta/classes/report-error.bbclass
+++ b/meta/classes/report-error.bbclass
@@ -36,6 +36,7 @@ def get_conf_data(e, filename):
                       continue
                   else:
                       jsonstring=jsonstring + line
+    jsonstring = jsonstring.replace("<", "&lt;").replace(">",
"&gt;")
       return jsonstring
python errorreport_handler () {
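
Review bot: The added replace() in get_conf_data() escapes only "<" and ">" and leaves "&" alone, so a literal "&lt;" that already exists in local.conf or auto.conf is indistinguishable from an escaped "<" once the report is sent, and it will be shown as "<" on the page. More importantly, the commit message says the server must then render this field with the 'safe' filter, which turns off the template's own escaping and makes the page's XSS protection depend on every submitting client having done this escaping correctly; the server-side '<' check does not cover entity-encoded input. I would rather keep output escaping on the server and adjust its validation there. If the client-side escape stays, escape "&" first as well, for example with html.escape(jsonstring, quote=False), and add a comment on this line saying why the conf text is HTML-escaped before upload, since nothing in get_conf_data() explains it.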

--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
