diff options
| author | Paul Berry <stereotype441@gmail.com> | 2013-10-22 05:17:11 -0700 |
|---|---|---|
| committer | Paul Berry <stereotype441@gmail.com> | 2013-10-23 17:10:43 -0700 |
| commit | f2e9ac625edec10192292138121fbc9a9797ed6d (patch) | |
| tree | 6621641b346b473110943f208702c9c85e1b6279 /templates | |
| parent | 176acfbad2444c5640fefdb76993a756b925af31 (diff) | |
Escape HTML output when generating test result pages.
If a test generates output containing '<', '>', or '&', we need to
HTML escape it so that the web browser doesn't interpret it as
containing HTML tags.
While we're at it, go ahead and HTML escape the traceback and dmesg
outputs too.
Reviewed-by: Dylan Baker <baker.dylan.c@gmail.com>
Diffstat (limited to 'templates')
| -rw-r--r-- | templates/test_result.mako | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/templates/test_result.mako b/templates/test_result.mako index b23fb8e27..a2c749ccd 100644 --- a/templates/test_result.mako +++ b/templates/test_result.mako @@ -31,7 +31,7 @@ <tr> <td>Info</td> <td> - <pre>${info}</pre> + <pre>${info | h}</pre> </td> </tr> <tr> @@ -43,13 +43,13 @@ <tr> <td>Traceback</td> <td> - <pre>${traceback}</pre> + <pre>${traceback | h}</pre> </td> </tr> <tr> <td>dmesg</td> <td> - <pre>${dmesg}</pre> + <pre>${dmesg | h}</pre> </td> </tr> </table> |