templates: Hopefully escape all template inputs

Janne Heß
2025-08-02 18:20:35 +02:00
committed by ahuston-0
parent 4125de8208
commit 4d2d0f9722
24 changed files with 116 additions and 116 deletions


@@ -12,7 +12,7 @@
is
[% END %]
the output of a RunCommand execution of the command <tt>[% HTML.escape(runcommandlog.command) %]</tt>
on <a [% HTML.attributes(href => c.uri_for('/build', build.id)) %]>Build [% build.id %]</a>.
on <a [% HTML.attributes(href => c.uri_for('/build', build.id)) %]>Build [% HTML.escape(build.id) %]</a>.
[% IF tail %]
The <a [% HTML.attributes(href => c.uri_for('/build', build.id, 'runcommandlog', runcommandlog.uuid)) %]>full log</a> is also available.
[% END %]
@@ -33,7 +33,7 @@
[% IF tail %]
/* The server may give us a full log (e.g. if the log is in
S3). So extract the last lines. */
log_data = log_data.split("\n").slice(-[% tail %]).join("\n");
log_data = log_data.split("\n").slice(-[% HTML.escape(tail) %]).join("\n");
[% END %]
$("#contents").text(log_data);
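Review bot: `HTML.escape(tail)` on the `slice(-…)` line applies an HTML encoder to a value that lands in JavaScript source, so it does not enforce what this sink needs, namely that `tail` is a plain integer. HTML escaping rewrites only a handful of markup characters and leaves everything else that is meaningful in script untouched, so the line is safe only if `tail` is already restricted to digits before it reaches the template, which is not visible here. I would coerce it at the point of use, e.g. `log_data = log_data.split("\n").slice(-[% tail | format('%d') %]).join("\n");`, and also reject non-numeric values in the controller. The first hunk's `HTML.escape(build.id)` is the right encoder for its HTML text context. The surrounding script block starts and ends outside the hunk.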