Fix too much XSS protections

- Fixes build graphs
- Fixes pagination
- Fixes pressure of new queue runner
Janne Heß
2025-08-14 12:25:17 +02:00
committed by ahuston-0
parent d9fa44d227
commit 6c8d789541
3 changed files with 7 additions and 6 deletions


@@ -13,6 +13,7 @@ use Number::Bytes::Human qw(format_bytes);
use Encode; use Encode;
use File::Basename; use File::Basename;
use JSON::MaybeXS; use JSON::MaybeXS;
use HTML::Entities;
use List::Util qw[min max]; use List::Util qw[min max];
use List::SomeUtils qw{any}; use List::SomeUtils qw{any};
use Net::Prometheus; use Net::Prometheus;
@@ -229,7 +230,7 @@ sub machines :Local Args(0) {
$c->stash->{pretty_percent} = sub { $c->stash->{pretty_percent} = sub {
my ($percent) = @_; my ($percent) = @_;
my $ret = sprintf('%.2f', $percent); my $ret = sprintf('%.2f', $percent);
return (' ' x (6 - length($ret))) . $ret; return (' ' x (6 - length($ret))) . encode_entities($ret);
}; };
$self->status_ok($c, entity => $c->stash->{machines}); $self->status_ok($c, entity => $c->stash->{machines});
} }
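Review bot: The closure assigned to `pretty_percent` now returns text that is meant to be emitted without further escaping, but nothing at the definition states that contract. The machines template drops its `| html` filter on all three `pretty_percent(...)` calls in this same commit, so the safety of that output rests entirely on this sub. I would add a comment above the assignment, for example `# Returns HTML-ready text: the numeric part is entity-encoded here, so templates must emit it without | html.` Because `sprintf('%.2f', ...)` only produces numeric text, `encode_entities` is defensive today; it becomes the only guard if the format or the input ever changes. The enclosing `machines` sub starts outside the hunk.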


@@ -444,9 +444,9 @@ BLOCK renderInputDiff; %]
BLOCK renderPager %] BLOCK renderPager %]
<ul class="pagination"> <ul class="pagination">
<li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=1") %]>&laquo; First</a></li> <li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=1") %]>&laquo; First</a></li>
<li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page="); (page - 1) %]>&lsaquo; Previous</a></li> <li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=" _ (page - 1)) %]>&lsaquo; Previous</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page="); (page + 1) %]>Next &rsaquo;</a></li> <li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=" _ (page + 1)) %]>Next &rsaquo;</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes("$baseUri?page="); (total - 1) div resultsPerPage + 1 %]>Last &raquo;</a></li> <li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=" _ ((total - 1) div resultsPerPage + 1)) %]>Last &raquo;</a></li>
</ul> </ul>
[% END; [% END;
@@ -700,7 +700,7 @@ BLOCK createChart %]
<script type="text/javascript"> <script type="text/javascript">
$(function() { $(function() {
showChart("[% HTML.escape(id) %]", "[% dataUrl | uri %]", "[% yaxis %]"); showChart("[% HTML.escape(id) %]", "[% dataUrl %]", "[% yaxis %]");
}); });
</script> </script>
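Review bot: In the `createChart` hunk, `dataUrl` is now written into a double-quoted JavaScript string inside `<script>` with no encoding at all, and `yaxis` on the same line has none either. Dropping `| uri` is understandable, since that filter also percent-encodes reserved characters such as `/` and `?` and so mangles a complete URL. Template Toolkit's less aggressive `url` filter keeps those characters while still encoding double quotes and angle brackets: `showChart("[% HTML.escape(id) %]", "[% dataUrl | url %]", "[% yaxis %]");`. If callers already pass a percent-encoded `dataUrl`, this would double-encode `%`, so it should be checked against the callers of this block, which are outside the hunk. The same check would show whether `dataUrl` or `yaxis` can carry request-influenced text.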


@@ -36,7 +36,7 @@
[% pressure = m.value.stats.pressure %] [% pressure = m.value.stats.pressure %]
[% MACRO render_pressure(title, pressure) BLOCK %] [% MACRO render_pressure(title, pressure) BLOCK %]
[% IF pressure %] [% IF pressure %]
<tr><td><b>[% HTML.escape(title) %]:</b></td><td><tt>[% pretty_percent(pressure.avg10) | html %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg60) | html %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg300) | html %]%</tt></td><td> <tr><td><b>[% HTML.escape(title) %]:</b></td><td><tt>[% pretty_percent(pressure.avg10) %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg60) %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg300) %]%</tt></td><td>
[% END %] [% END %]
[% END %] [% END %]
[% IF pressure %] [% IF pressure %]