New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[23.0] Fixes for (gitlab) error reporting #16424
[23.0] Fixes for (gitlab) error reporting #16424
Conversation
f6e5eaf
to
eada26a
Compare
fyi @selten who was mostly maintaining this plugin |
@bernt-matthias, what was exactly the issue with the markdown solution? Maybe I can help. |
@@ -56,10 +56,11 @@ | |||
<h4 class="mb-3 h-md">Issue Report</h4> | |||
<b-alert | |||
v-for="(resultMessage, index) in resultMessages" | |||
v-html="resultMessage[0]" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the resultMessage can potentially contain user-generated content, so that can open up XSS vulnerabilities and/or mess with the component layout.
eada26a
to
cb098e9
Compare
I guess the error reporters just have to output markdown instead of HTML, isn't it .. lets try |
Yes, exactly :) |
Still quoted. Also the |
Where is the |
I guess from https://markdown-it.github.io/markdown-it/#MarkdownIt.render .. since the docs for https://markdown-it.github.io/markdown-it/#MarkdownIt.renderInline remark that this does not add If I'm right the markdown code generates correct |
Note that I have not yet commited the changes to produce markdown in the error reporter python code (which I triple checked to be active) . But tested it with the current client code. |
Ahhh you're right! The |
db45d34
to
f97c6a7
Compare
- URLs for low level gitlab functions (self.gitlab.http_post) need to be quoted - closed issues need to be cached if a comment should be added to existing (potentially closed) issues
so far users have seen e.g. `<p>Your error report has been sent</p>` from the email reporter. Another example is the link to the created issue of the gitlab error reporter.
Co-authored-by: Nicola Soranzo <nicola.soranzo@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me, thanks @bernt-matthias!
Fixes the gitlab error reporting plugin (for the case that comments should be added to existing issues if possible) and also fixes the display of the message of the error reporters to the users (which should not be quoted).
@davelopez I could not get your suggested markdown solution running.
How to test the changes?
(Select all options that apply)
License