Stop HTML escaping errors for /stats/requests endpoint #2710

Merged
merged 1 commit into from
May 13, 2024


cyberw
Collaborator

@cyberw cyberw commented May 12, 2024

Fixes #2674, at least the most annoying part of it (things like ' are now returned and most importantly displayed as "'" instead of "'")

Fixes #2674, at least the most annoying part of it.
@cyberw
Collaborator Author

cyberw commented May 12, 2024

@andrewbaldwin44 What do you think about this?

I see no reason for the endpoint to return html-escaped strings (inside a json document!) - that is more appropriately handled by the front end. HTML tags are already handled correctly, but it is a bit weird that things like   in an error message shows up as in the UI, so maybe it needs frontend changes before I merge this.

@cyberw cyberw force-pushed the stop-escaping-errors-for-requests-endpoint branch from 18048df to 6fb7444 Compare May 12, 2024 21:03
@andrewbaldwin44
Collaborator

Weird, I thought for sure I had fixed this. Escaping on the server is likely meant as a security consideration, to prevent injection or XSS (probably not the biggest concern considering Locust is usually deployed within a VPC). It looks like the legacy UI would evaluate the error and name so that is most likely the reason for this, but since we no longer have the legacy UI this is no longer necessary (we never evaluate HTML in the new frontend).

There was a fix to HTML escaping I applied for the failures table; it would no longer be needed after this patch, so I can remove it in another PR.

@cyberw cyberw merged commit 187b049 into master May 13, 2024
53 checks passed
@cyberw cyberw changed the title stop escaping errors for requests endpoint Stop escaping errors for requests endpoint May 15, 2024
@cyberw cyberw changed the title Stop escaping errors for requests endpoint Stop HTML escaping errors for requests endpoint May 23, 2024
@cyberw cyberw changed the title Stop HTML escaping errors for requests endpoint Stop HTML escaping errors for /stats/requests endpoint May 23, 2024
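
The trade-off discussed in this thread (HTML escaping inside a JSON response versus encoding where the value is rendered), as an added example that is not code from the PR or from Locust. The function names and the sample error string are constructed for illustration.

```python
import html
import json

# Constructed sample error text (not taken from the PR or from Locust).
RAW_ERROR = "ConnectionError('refused') <b>x</b>"

def payload_escaped_on_server(error):
    # "Before" shape: HTML-escape the value, then serialize it as JSON.
    return json.dumps({"error": html.escape(error)})

def payload_raw(error):
    # "After" shape: JSON serialization only; json.dumps does the JSON quoting.
    return json.dumps({"error": error})

def shown_as_text(payload):
    # A frontend that inserts the value as a text node never parses it as
    # HTML, so the user sees the characters exactly as they arrived.
    return json.loads(payload)["error"]

def rendered_as_markup(payload):
    # A renderer that builds HTML strings has to encode at the sink,
    # whatever the API did upstream.
    return "<td>" + html.escape(json.loads(payload)["error"]) + "</td>"

if __name__ == "__main__":
    for name, build in (("escaped", payload_escaped_on_server), ("raw", payload_raw)):
        p = build(RAW_ERROR)
        print(name, "| text:", shown_as_text(p), "| markup:", rendered_as_markup(p))
```

With the raw payload the text path shows the original message and the markup path still neutralizes the tag; with the server-escaped payload the text path shows literal entities and the markup path double-encodes them.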
Successfully merging this pull request may close these issues.

When there is an error in the FAILURES of the front-end page when there is a worker, there is no escape.