[FIXED JENKINS-20800] HTML metacharacters not escaped in log messages.
(cherry picked from commit a900b48)

Conflicts:
	changelog.html
	core/src/main/java/hudson/Functions.java
jglick authored and olivergondza committed Dec 12, 2013
1 parent 6a12082 commit 45666455f3d7ce8d80bd5885f5adbfd499fbb02e
Showing with 13 additions and 2 deletions.
  1. +3 −2 core/src/main/java/hudson/Functions.java
  2. +10 −0 core/src/test/java/hudson/FunctionsTest.java
@@ -152,7 +152,7 @@
import com.google.common.base.Predicates;
import java.util.concurrent.atomic.AtomicLong;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;

/**
* Utility functions used in views.
@@ -445,13 +445,14 @@ public static String printLogRecord(LogRecord r) {
return formatter.format(r);
}

@Restricted(DoNotUse.class)
@Restricted(NoExternalUse.class)
public static String[] printLogRecordHtml(LogRecord r, LogRecord prior) {
String[] oldParts = prior == null ? new String[4] : logRecordPreformat(prior);
String[] newParts = logRecordPreformat(r);
for (int i = 0; i < /* not 4 */3; i++) {
newParts[i] = "<span class='" + (newParts[i].equals(oldParts[i]) ? "logrecord-metadata-old" : "logrecord-metadata-new") + "'>" + newParts[i] + "</span>";
}
newParts[3] = Util.xmlEscape(newParts[3]);
return newParts;
}
/**
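Review bot: Only `newParts[3]` is escaped here, while the loop just above still concatenates `newParts[0]` through `newParts[2]` raw into the `<span>` markup. `logRecordPreformat` is not visible in this hunk, so whether those parts can carry text from outside Jenkins (a logger or source name, for instance) needs confirming; if they can, escape them in the same place with `"'>" + Util.xmlEscape(newParts[i]) + "</span>"`. That keeps the `equals` comparison against `oldParts[i]` on the raw value, as it is now. The method would also benefit from a short Javadoc stating that every element of the returned array is HTML-safe, so the view knows it may emit them unescaped.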
@@ -37,6 +37,8 @@
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.LogRecord;

import jenkins.model.Jenkins;

@@ -289,4 +291,12 @@ public void testBreakableString() {
assertEquals("H<wbr>,e<wbr>.l<wbr>/l<wbr>:o<wbr>-w<wbr>_o<wbr>=+|d", Functions.breakableString("H,e.l/l:o-w_o=+|d"));
assertEquals("ALongStrin<wbr>gThatCanNo<wbr>tBeBrokenB<wbr>yDefault", Functions.breakableString("ALongStringThatCanNotBeBrokenByDefault"));
}

@Bug(20800)
@Test public void printLogRecordHtml() throws Exception {
LogRecord lr = new LogRecord(Level.INFO, "Bad input <xml/>");
lr.setLoggerName("test");
assertEquals("Bad input &lt;xml/>\n", Functions.printLogRecordHtml(lr, null)[3]);
}

}
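Review bot: The new test `printLogRecordHtml` pins only a `<` in the message with `prior == null`, so an unescaped `&` or a regression on the non-null `prior` path would pass unnoticed. Consider a second record whose message contains `&` and asserting it comes back as `&amp;`, and calling `Functions.printLogRecordHtml(lr, lr)` once so the branch that compares against `oldParts` is exercised. It would also be worth asserting that indices 0 to 2 contain no raw `<` beyond the `<span>` wrapper when the logger name carries markup, assuming the logger name feeds one of those parts.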
