Fix too much XSS protections

- Fixes build graphs
- Fixes pagination
- Fixes pressure of new queue runner
Janne Heß
2025-08-14 12:25:17 +02:00
committed by ahuston-0
parent d9fa44d227
commit 6c8d789541
3 changed files with 7 additions and 6 deletions


@@ -13,6 +13,7 @@ use Number::Bytes::Human qw(format_bytes);
use Encode;
use File::Basename;
use JSON::MaybeXS;
use HTML::Entities;
use List::Util qw[min max];
use List::SomeUtils qw{any};
use Net::Prometheus;
@@ -229,7 +230,7 @@ sub machines :Local Args(0) {
$c->stash->{pretty_percent} = sub {
my ($percent) = @_;
my $ret = sprintf('%.2f', $percent);
return (' ' x (6 - length($ret))) . $ret;
return (' ' x (6 - length($ret))) . encode_entities($ret);
};
$self->status_ok($c, entity => $c->stash->{machines});
}
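Review bot: The `pretty_percent` closure now carries an output contract that nothing in the code states: it returns text that is already entity-encoded, and the template hunk that calls `pretty_percent(pressure.avg10)` drops its `| html` filter on the strength of that. I would add a comment above the closure, `# Returns HTML-ready text (padding plus entity-encoded number); templates must emit it without the html filter`, so a later caller neither re-adds the filter (double escaping) nor copies the helper without the encoding. The output of `sprintf('%.2f', ...)` should not contain HTML metacharacters, so `encode_entities` is defence in depth here rather than the fix itself. The enclosing `machines` action starts outside the hunk.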


@@ -444,9 +444,9 @@ BLOCK renderInputDiff; %]
BLOCK renderPager %]
<ul class="pagination">
<li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=1") %]>&laquo; First</a></li>
<li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page="); (page - 1) %]>&lsaquo; Previous</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page="); (page + 1) %]>Next &rsaquo;</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes("$baseUri?page="); (total - 1) div resultsPerPage + 1 %]>Last &raquo;</a></li>
<li class="page-item[% IF page == 1 %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=" _ (page - 1)) %]>&lsaquo; Previous</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=" _ (page + 1)) %]>Next &rsaquo;</a></li>
<li class="page-item[% IF page * resultsPerPage >= total %] disabled[% END %]"><a class="page-link" [% HTML.attributes(href => "$baseUri?page=" _ ((total - 1) div resultsPerPage + 1)) %]>Last &raquo;</a></li>
</ul>
[% END;
@@ -700,7 +700,7 @@ BLOCK createChart %]
<script type="text/javascript">
$(function() {
showChart("[% HTML.escape(id) %]", "[% dataUrl | uri %]", "[% yaxis %]");
showChart("[% HTML.escape(id) %]", "[% dataUrl %]", "[% yaxis %]");
});
</script>
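Review bot: In the `createChart` hunk, `dataUrl` is now written into a double-quoted JavaScript string inside `<script>` with no encoding at all, so a `"` or `</script>` in the value would end the string or the script element. The dropped `uri` filter also encodes URL delimiters such as `/` and `:`, which is presumably what broke the graphs; Template Toolkit's `url` filter keeps those delimiters and still percent-encodes quotes and angle brackets, e.g. `showChart("[% HTML.escape(id) %]", "[% dataUrl | url %]", "[% yaxis %]");`. That filter would re-encode `%` in a value that is already percent-encoded, so confirm how callers build `dataUrl` before adopting it. `yaxis` is emitted raw on the same line, and whether either value can carry user-influenced text depends on the callers of `createChart`, which are outside this hunk.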


@@ -36,7 +36,7 @@
[% pressure = m.value.stats.pressure %]
[% MACRO render_pressure(title, pressure) BLOCK %]
[% IF pressure %]
<tr><td><b>[% HTML.escape(title) %]:</b></td><td><tt>[% pretty_percent(pressure.avg10) | html %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg60) | html %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg300) | html %]%</tt></td><td>
<tr><td><b>[% HTML.escape(title) %]:</b></td><td><tt>[% pretty_percent(pressure.avg10) %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg60) %]%</tt></td><td><td><tt>[% pretty_percent(pressure.avg300) %]%</tt></td><td>
[% END %]
[% END %]
[% IF pressure %]