New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Html-encode stack trace details #612

Closed
kenston opened this Issue Sep 2, 2016 · 5 comments

Comments

Projects
None yet
2 participants
@kenston

kenston commented Sep 2, 2016

When using the ExtentTest.log(LogStatus logStatus, Throwable t) method, the stack trace message of the passed throwable may contain some HTML tags. However, HTML-encoding (conversion to HTML entities) was not performed.

A sample stacktrace

Sample issue
Caused by: IllegalArgumentException: String [<td></td>] is not allowed.
    at com.sample.test(Sample.java:31)
    at com.sample.test(Sample.java:21)

will simply be included in the reports as

<tr>
<td class='status error' title='error' alt='error'><i class='mdi-alert-error'></i></td>
<td class='timestamp'>17:50:33</td>
<td class='step-details'><pre>Sample issue
Caused by: IllegalArgumentException: String [<td></td>] is not allowed.
    at com.sample.test(Sample.java:31)
    at com.sample.test(Sample.java:21)
</pre></td>
</tr>

The HTML part <td></td> will be rendered and may affect/deface the report presentation.

@anshooarora anshooarora added the bug label Sep 6, 2016

@anshooarora

This comment has been minimized.

Owner

anshooarora commented Sep 6, 2016

The ability to add HTML needs to be added. For now, is it possible to replace:

< with &lt;
> with &gt;

before adding the log? This will prevent malformed markup.

@kenston

This comment has been minimized.

kenston commented Sep 7, 2016

For logging using the method log(LogStatus logStatus, String details) this seems OK; however with log(LogStatus logStatus, Throwable t) this means we have to alter the exception message to make it work.

@anshooarora

This comment has been minimized.

Owner

anshooarora commented Sep 7, 2016

Working on the fix, will be released in the next version (targeting this week).

@anshooarora

This comment has been minimized.

Owner

anshooarora commented Sep 7, 2016

Can you please try with the attached jar file and let me know if it works?

extentreports-java-2.41.2.jar.zip

I have kept converting of log(LogStatus logStatus, String details) manual, as users may have HTML tags they would like to inject here.

This log(LogStatus logStatus, Throwable t) will enclose any HTML/XML tags in a textarea so the page does not become malformed.

@anshooarora anshooarora removed the in-progress label Sep 7, 2016

@kenston

This comment has been minimized.

kenston commented Sep 8, 2016

@anshooarora it fixes the issue. May I suggest that we enable horizontal scrolling (rather than wrapping) when we style the textarea? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment