Commit a45db29d authored by Fabio Pitino's avatar Fabio Pitino

Render HTML tags in job log

parent f2876fb0
---
title: Do not escape HTML tags in Ansi2json as they are escaped in the frontend
merge_request: 19610
author:
type: fixed
......@@ -66,14 +66,12 @@ module Gitlab
elsif scan_token(scanner, /\e(([@-_])(.*?)?)?$/)
# stop scanning
scanner.terminate
elsif scan_token(scanner, /</)
@state.current_line << '&lt;'
elsif scan_token(scanner, /\r?\n/)
flush_current_line
elsif scan_token(scanner, /\r/)
# drop last line
@state.current_line.clear!
elsif scan_token(scanner, /.[^\e<\r\ns]*/m)
elsif scan_token(scanner, /.[^\e\r\ns]*/m)
# this is a join from all previous tokens and first letters
# it always matches at least one character `.`
# it matches everything that is not start of:
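Review bot: With the `<` branch removed, the catch-all branch now appends raw `<` from job output to `@state.current_line`, and nothing in this hunk records that the converter's text is untrusted and unescaped. I would add a comment above the catch-all branch, for example `# NOTE: tokens are appended unescaped; every consumer of this JSON must render text as plain text, never as HTML`. The removed branch only rewrote `<` (not `&` or `>`), so it was never a complete encoder, but it was the only server-side barrier visible here, so any consumer other than the frontend, if one exists, should be checked. The comment that continues below the hunk lists the excluded characters and may still name `<`; the enclosing method starts and ends outside the hunk.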
......@@ -224,17 +224,17 @@ describe Gitlab::Ci::Ansi2json do
end
end
it 'prevents XSS injection' do
trace = "#{section_start}section_end:1:2<script>alert('XSS Hack!');</script>#{section_end}"
it 'prints HTML tags as is' do
trace = "#{section_start}section_end:1:2<div>hello</div>#{section_end}"
expect(convert_json(trace)).to eq([
{
offset: 0,
content: [{ text: "section_end:1:2&lt;script>alert('XSS Hack!');&lt;/script>" }],
content: [{ text: "section_end:1:2<div>hello</div>" }],
section: 'prepare-script',
section_header: true
},
{
offset: 95,
offset: 75,
content: [],
section: 'prepare-script',
section_duration: '01:03'
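Review bot: Replacing the `<script>` payload with `<div>hello</div>` leaves no spec that exercises script content, so the new contract (pass through here, escape in the frontend) is pinned only for a benign tag. I would keep the original payload and assert it verbatim, `content: [{ text: "section_end:1:2<script>alert('XSS Hack!');</script>" }]` with the second offset left at 95, under a name such as `it 'passes HTML tags through unescaped' do`. A frontend spec should then assert that the same string is rendered as text, since that is where the escaping now lives according to the changelog entry. The `expect` array continues past the end of this hunk.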