xss plugin breaks and error pages #93

Closed
kbrock opened this Issue Jun 6, 2012 · 3 comments

@kbrock

Hello!

The hoptoad gem is generating bad javascript on the development 500 pages.
This is the case with ree 1.8.7 and mri 1.9.3-p194. It still happens when I upgraded to version 3.1.0 of the airbrake gem.

Since we are running rails 2.3, we also have the rails_xss plugin installed. The plugin is escaping the to_json code and generating invalid javascript.

It is easy to fix by adding raw/safe_html but if you're supporting rails 2 and 3, then this gets tricky.

If you have a direction for me to take/write tests - I can fix and submit.

Thanks,
Keenan

Example of the error:

var Airbrake = {
  host    : "api.airbrake.io",
  api_key : "...",
  notice  : {"action":"show","component":"conditions","error_class":"ActiveRecord::RecordNotFound","environment_name":"production","file":"[PROJECT_ROOT]/.bundle/ruby/1.9.1/gems/activerecord-2.3.11/lib/active_record/base.rb","line_number":"1620"},
  message : 'This error exists in production!',

I'm thinking it wanted to generate:

var Airbrake = {
  host    : "api.airbrake.io",
  api_key : "...",
  notice  : {"action":"show","component":"conditions","error_class":"ActiveRecord::RecordNotFound","environment_name":"production","file":"[PROJECT_ROOT]/.bundle/ruby/1.9.1/gems/activerecord-2.3.11/lib/active_record/base.rb","line_number":"1620"},
  message : 'This error exists in production!',
@kbrock

Locally, I fixed with: kbrock/airbrake@24eadc4
Getting an error from the server, can't track it down

Any suggestions on running the test harness?
A simple bundle install ; rake did not work.

@ghost
@shime

bender

You can run the suite with $ bundle install && rake vendor_test_gems && rake.

@shifi shifi closed this Jul 31, 2014
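
The failure reported in this issue, as an added example that is not code from the thread or from the airbrake gem: HTML auto-escaping turns the `to_json` output into `&quot;`-laden text that is not valid JavaScript, and marking the string safe fixes that only if the JSON is first made safe for a `<script>` context. The helper names, the `error_message` value and the use of `ERB::Util.html_escape` as a stand-in for rails_xss are assumptions.

```ruby
require 'json'
require 'erb'

# Constructed sample notice; the "error_message" value is made up to show a
# string that must not be able to close the surrounding <script> element.
NOTICE = {
  'action'        => 'show',
  'component'     => 'conditions',
  'error_class'   => 'ActiveRecord::RecordNotFound',
  'error_message' => "Couldn't find Condition with ID=</script>"
}

# Stand-in for what an auto-escaping view layer does to a string that is not
# marked html_safe (assumption: plain HTML entity escaping).
def auto_escaped(str)
  ERB::Util.html_escape(str)
end

# Hypothetical helper: JSON that is safe to embed inside <script>. The
# \uXXXX forms are valid JSON/JavaScript string escapes, so the parsed value
# is unchanged, but no literal "<", ">" or "&" remains in the output.
SCRIPT_UNSAFE = { '<' => '\u003c', '>' => '\u003e', '&' => '\u0026' }

def script_safe_json(obj)
  obj.to_json.gsub(/[<>&]/) { |c| SCRIPT_UNSAFE[c] }
end

# Hypothetical helper: mark a string as safe only where the framework knows
# the concept (rails_xss or Rails 3); otherwise return it untouched.
def mark_safe(str)
  str.respond_to?(:html_safe) ? str.html_safe : str
end

# What the template would emit for the "notice" field.
def render_notice(obj)
  mark_safe(script_safe_json(obj))
end

if __FILE__ == $PROGRAM_NAME
  puts "auto-escaped: #{auto_escaped(NOTICE.to_json)[0, 60]}..."
  puts "script-safe : #{render_notice(NOTICE)}"
end
```

Skipping the escape step and only marking the raw `to_json` output as safe would restore valid JavaScript, but any notice field containing `</script>` would then end the script block early.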