Posted to dev@deltacloud.apache.org by lu...@redhat.com on 2012/07/30 22:43:51 UTC
[PATCH] error messages: quote HTML, shorten backtrace
From: David Lutterkort <lu...@redhat.com>
* Special characters like &, <, and > need to be escaped in error messages
* In the backtrace in error messages, only show paths in deltacloud itself;
the full backtrace is still in the error details section of the page
---
server/lib/deltacloud/helpers/deltacloud_helper.rb | 11 +++++++++++
server/views/errors/500.html.haml | 11 +++++++----
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/server/lib/deltacloud/helpers/deltacloud_helper.rb b/server/lib/deltacloud/helpers/deltacloud_helper.rb
index 799478e..df23cea 100644
--- a/server/lib/deltacloud/helpers/deltacloud_helper.rb
+++ b/server/lib/deltacloud/helpers/deltacloud_helper.rb
@@ -288,6 +288,17 @@ module Deltacloud::Helpers
not features_arr.empty?
end
+ HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' }
+
+ def h(s)
+ s.to_s.gsub(/[&"><]/n) { |special| HTML_ESCAPE[special] }
+ end
+
+ def bt(trace)
+ app_path = File::expand_path("../../..", __FILE__)
+ trace.select { |t| t.match(%r{^#{app_path}}) }.join("\n")
+ end
+
private
def hardware_property_unit(prop)
u = ::Deltacloud::HardwareProfile::unit(prop)
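Review bot: As shown, `HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' }` maps every special character to itself, so `h` returns its input unchanged and escapes nothing; the values need to be the entities `&amp;`, `&gt;`, `&lt;` and `&quot;` (the archive may have decoded them for display, so the committed file should be checked rather than this rendering). In `bt`, `app_path` is interpolated unescaped into `%r{^#{app_path}}`; use `Regexp.escape(app_path)` or simply `t.start_with?(app_path)` so that regex metacharacters in the install path (`.`, `+`, parentheses) cannot widen or break the match. `bt` also returns the selected frames without HTML escaping, which matters wherever its result is rendered directly.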
diff --git a/server/views/errors/500.html.haml b/server/views/errors/500.html.haml
index 19cf090..1b04a21 100644
--- a/server/views/errors/500.html.haml
+++ b/server/views/errors/500.html.haml
@@ -2,7 +2,7 @@
%ul{ :'data-role' => :listview , :'data-inset' => :true, :'data-divider-theme' => 'e'}
%li{ :'data-role' => 'list-divider'} Server message
%li
- %h3=[@error.class.name, @error.message].join(' - ')
+ %h3= h [@error.class.name, @error.message].join(' - ')
%li{ :'data-role' => 'list-divider'} Original request URI
%li
%a{ :href => request.env['REQUEST_URI'], :'data-ajax' => 'false'}
@@ -11,15 +11,18 @@
%li{ :'data-role' => 'list-divider'} Error details
%li
- if @error.class.method_defined? :details
- %p= @error.details
+ %p= h @error.details
- else
%em No details
+ %li{ :'data-role' => 'list-divider'} Backtrace
+ %li
+ %pre= bt @error.backtrace
%div{ 'data-role' => :collapsible, 'data-collapsed' => "true"}
%h3 Backtrace
%ul{ :'data-role' => :listview , :'data-inset' => :true, :'data-divider-theme' => 'e'}
%li
- %pre=@error.backtrace.join("\n")
+ %pre= h @error.backtrace.join("\n")
%div{ 'data-role' => :collapsible, 'data-collapsed' => "true"}
%h3 Parameters
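Review bot: `%pre= bt @error.backtrace` on the new Backtrace item is the one output line in this hunk not wrapped in `h`, while the full backtrace a few lines below is escaped with `h @error.backtrace.join("\n")`; Ruby frame strings routinely contain `<`, for example `<top (required)>`, `<main>` or `<class:Foo>`, so this should read `%pre= h(bt(@error.backtrace))`. Also, the commit message says the full backtrace stays in the error details section, but the hunk keeps it in the collapsible div headed "Backtrace", so the page now has two sections with the same heading; naming the new divider something like "Backtrace (deltacloud frames)" would make the distinction visible.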
@@ -40,4 +43,4 @@
- next if value.inspect.to_s == '#'
%li{ :'data-role' => 'list-divider'}=key
%li
- %span{:style => 'font-weight:normal;'}=value.inspect
+ %span{:style => 'font-weight:normal;'}= h value.inspect
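Review bot: The value is now escaped with `h value.inspect`, but the divider two lines above, `%li{ :'data-role' => 'list-divider'}=key`, still emits `key` raw; request parameter names come from the client just as their values do, so that line needs `= h key` as well. Minor: in the unchanged guard `next if value.inspect.to_s == '#'`, `.to_s` is redundant since `inspect` already returns a String.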
--
1.7.7.6
Re: [PATCH] error messages: quote HTML, shorten backtrace
Posted by Michal Fojtik <mf...@redhat.com>.
ACK.
On Jul 30, 2012, at 10:43 PM, lutter@redhat.com wrote: