author | Changqing Li <changqing.li@windriver.com> | 2021-03-14 18:03:25 -0700 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2022-06-03 15:29:22 +0200 |
commit | b9f6fe2750983e2619696ba633a5c2722acb5d5b (patch) | |
tree | e0b9c823ae9ea33b7d88f7101a3c1aa3163fbfc3 /scripts/oe-run-native | |
parent | fc904a9eb7a40d22e991e63b6d2289d622d55fea (diff) | |
download | openembedded-core-contrib-b9f6fe2750983e2619696ba633a5c2722acb5d5b.tar.gz |
report-error.bbclass: replace angle brackets with &lt; and &gt;

When we have the below content in local.conf or auto.conf:

BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <raj.khem@gmail.com>"

send-error-report will fail with "HTTP Error 500: OK".

error-report-web does a rudimentary check on all fields that are
passed to the graphs page to avoid any XSS happening; if a field contains
'<', the server will return an error (Invalid characters in json).

Fixed by using the escaped form of <> to replace it.

NOTE: with this change, error-report-web needs to add the filter 'safe'
for the string wanted for display, to avoid further HTML escaping
prior to output. Below is how the content is displayed on the webpage:

with the filter 'safe':
BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <raj.khem@gmail.com>"

without the filter 'safe':
BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj &lt;raj.khem@gmail.com&gt;"

Another patch for error-report-web will be sent to the Yocto mailing list.

[YOCTO #13252]

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
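
The escaping round trip described in the commit message, modelled as an added example (not code from report-error.bbclass or error-report-web). The function names, the two-character replacement on the client, and the use of `html.escape` to stand in for template autoescaping are assumptions.

```python
import html

# Value quoted in the commit message.
SAMPLE = 'BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <raj.khem@gmail.com>"'


def client_escape(text):
    """Client side (assumed form): replace only the angle brackets with entities."""
    return text.replace("<", "&lt;").replace(">", "&gt;")


def server_accepts(field):
    """Server side (assumed form): the rudimentary check rejects any field with '<'."""
    return "<" not in field


def render(field, safe):
    """Model of template output: autoescape unless the value is marked 'safe'."""
    return field if safe else html.escape(field)


def displayed(markup):
    """Text a browser shows for the markup: entities are decoded exactly once."""
    return html.unescape(markup)


def submit_and_show(text, escape_on_client, safe):
    """Return what the page displays, or None if the server rejects the field."""
    payload = client_escape(text) if escape_on_client else text
    if not server_accepts(payload):
        return None  # corresponds to "Invalid characters in json"
    return displayed(render(payload, safe))


if __name__ == "__main__":
    print("raw upload:        ", submit_and_show(SAMPLE, False, False))
    print("escaped, safe:     ", submit_and_show(SAMPLE, True, True))
    print("escaped, not safe: ", submit_and_show(SAMPLE, True, False))
    print("markup, not safe:  ", render(client_escape(SAMPLE), safe=False))
```

Because 'safe' switches off output escaping for that value, the displayed page then relies on the '<' check being applied to every field rendered with it.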
Diffstat (limited to 'scripts/oe-run-native')
0 files changed, 0 insertions, 0 deletions