Closed jonwinton closed 3 years ago
Purpose
This PR aims to fix a problem we ran into where HTML in a log broke the page because it wasn't escaped. Here's an example:
The black section is the hover styling for the log, but it shows that there's a CSS declaration setting the body background to white.
Changes
It turns out we render the log content in a few places, so this just touched up a couple of the places we could render HTML to sanitize it all.
After adding the existing HTML escape function the UI is fixed:
Testing
I added a very simple HTML output that is a toned down version of what we saw in our logging cluster so that any future HTML logs will be caught.
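
The failure and fix described in this PR, as an added JavaScript example that is not part of the PR or the project's code: a constructed log line carrying a style rule is rendered with and without escaping, and the output is checked for tags the template did not emit. `escapeHtml`, `renderRowUnsafe`, `renderRowSafe`, `foreignTags` and the row template are hypothetical.

```javascript
// Constructed sample log line: a service logged an HTML error page verbatim.
const sampleLog =
  'upstream error: <html><head><style>body { background: white; }</style>' +
  '</head><body title="x">502 Bad Gateway</body></html>';

const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape characters that can open a tag or entity, or close a quoted attribute.
// A single pass means an existing "&lt;" becomes "&amp;lt;" and stays literal text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": log text interpolated into element and attribute context as-is.
function renderRowUnsafe(message) {
  return `<div class="log-row" title="${message}"><span>${message}</span></div>`;
}

// "After": the same template with every interpolation escaped.
function renderRowSafe(message) {
  const safe = escapeHtml(message);
  return `<div class="log-row" title="${safe}"><span>${safe}</span></div>`;
}

// Tags the row template itself emits; any other tag came from the log content.
const TEMPLATE_TAGS = new Set(['div', 'span']);

// Return the sorted names of tags in the markup that the template did not produce.
function foreignTags(html) {
  const found = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!TEMPLATE_TAGS.has(name)) found.add(name);
  }
  return [...found].sort();
}

console.log('unsafe render:', foreignTags(renderRowUnsafe(sampleLog)));
console.log('safe render:  ', foreignTags(renderRowSafe(sampleLog)));
```

A check like `foreignTags` works as a regression test for each place log content is rendered: a non-empty result means a log line was able to inject markup.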