Commit 4ac4ba26 authored by Stan Hu's avatar Stan Hu

Fix requests profiler in admin page not rendering HTML properly

By default in Rails 5, content passed to `render` will be
escaped. This doesn't work for the HTML profile output, which
should be considered safe HTML already.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56152
parent 4a6c7661
...@@ -11,7 +11,7 @@ class Admin::RequestsProfilesController < Admin::ApplicationController ...@@ -11,7 +11,7 @@ class Admin::RequestsProfilesController < Admin::ApplicationController
profile = Gitlab::RequestProfiler::Profile.find(clean_name) profile = Gitlab::RequestProfiler::Profile.find(clean_name)
if profile if profile
render html: profile.content render html: profile.content.html_safe
else else
redirect_to admin_requests_profiles_path, alert: 'Profile not found' redirect_to admin_requests_profiles_path, alert: 'Profile not found'
end end
......
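Review bot: `profile.content.html_safe` on the new `render html:` line turns off escaping for whatever the profile file holds, and nothing in this hunk records why that is sound. The content is only trustworthy while files under the profiles directory are written solely by the request profiler and `clean_name` cannot resolve outside that directory; both are established outside the hunk, since the `show` action starts above it. I would state that assumption next to the call, e.g. `# html_safe: content is profiler-generated HTML from PROFILES_DIR, never user-supplied markup`. If the profiler output can embed request-derived strings such as paths or parameters, it is worth confirming the generator escapes them, because this page renders inside an admin session.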
---
title: Fix requests profiler in admin page not rendering HTML properly
merge_request: 24291
author:
type: fixed
# frozen_string_literal: true
require 'spec_helper'
describe Admin::RequestsProfilesController do
set(:admin) { create(:admin) }
before do
sign_in(admin)
end
describe '#show' do
let(:basename) { "profile_#{Time.now.to_i}.html" }
let(:tmpdir) { Dir.mktmpdir('profiler-test') }
let(:test_file) { File.join(tmpdir, basename) }
let(:profile) { Gitlab::RequestProfiler::Profile.new(basename) }
let(:sample_data) do
<<~HTML
<!DOCTYPE html>
<html>
<body>
<h1>My First Heading</h1>
<p>My first paragraph.</p>
</body>
</html>
HTML
end
before do
stub_const('Gitlab::RequestProfiler::PROFILES_DIR', tmpdir)
output = File.open(test_file, 'w')
output.write(sample_data)
output.close
end
after do
File.unlink(test_file)
end
it 'loads an HTML profile' do
get :show, params: { name: basename }
expect(response).to have_gitlab_http_status(200)
expect(response.body).to eq(sample_data)
end
end
end
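Review bot: The `after` hook only unlinks `test_file`, so the directory created by `Dir.mktmpdir('profiler-test')` is left behind on every run; `FileUtils.remove_entry(tmpdir)` in the hook would remove both. The fixture can be written with `File.write(test_file, sample_data)` instead of the open/write/close sequence, which also closes the handle if the write raises. The spec covers only the found-profile branch with benign markup; an example for a `name` that does not resolve to a profile, expecting the redirect with 'Profile not found', would pin down the other branch of `show`.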