Commit f40b0495 authored by Jacob Schatz's avatar Jacob Schatz

Merge branch 'sh-sanitize-node-status' into 'master'

Strip out any HTML tags in Geo response and upon failure omit full response text

Closes #2786

See merge request !2318
parents 2284f87d 18fcdd36
...@@ -43,7 +43,8 @@ class GeoNodeStatus { ...@@ -43,7 +43,8 @@ class GeoNodeStatus {
if (status.health === 'Healthy') { if (status.health === 'Healthy') {
this.$health.html(''); this.$health.html('');
} else { } else {
this.$health.html(`<code class="geo-health">${status.health}</code>`); const strippedData = $('<div>').html(`${status.health}`).text();
this.$health.html(`<code class="geo-health">${strippedData}</code>`);
} }
this.$status.show(); this.$status.show();
......
...@@ -28,7 +28,8 @@ module Geo ...@@ -28,7 +28,8 @@ module Geo
if payload.is_a?(Hash) if payload.is_a?(Hash)
payload['message'] payload['message']
else else
payload # The return value can be a giant blob of HTML; ignore it
''
end end
Array([message, details].compact.join("\n")) Array([message, details].compact.join("\n"))
......
...@@ -39,5 +39,17 @@ describe Geo::NodeStatusService, services: true do ...@@ -39,5 +39,17 @@ describe Geo::NodeStatusService, services: true do
expect(status).to have_attributes(data) expect(status).to have_attributes(data)
end end
it 'omits full response text in status' do
request = double(success?: false,
code: 401,
message: 'Unauthorized',
parsed_response: '<html><h1>You are not allowed</h1></html>')
allow(described_class).to receive(:get).and_return(request)
status = subject.call(secondary)
expect(status.health).to eq("Could not connect to Geo node - HTTP Status Code: 401 Unauthorized\n")
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment