
Commit a51dbcf

jdomeracki-codersreyaf0ssel
authored
fix: escape agent log HTML (#25808) (#26266)
Cherry-pick backport to `release/2.29`. --------- Co-authored-by: Jon Ayers <jon@coder.com> Co-authored-by: Garrett Delfosse <delfossegarrett@gmail.com>
1 parent 3db810c commit a51dbcf

2 files changed

Lines changed: 32 additions & 1 deletion


Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
import { renderComponent } from "testHelpers/renderHelpers";
2+
import { screen } from "@testing-library/react";
3+
import type { Line } from "components/Logs/LogLine";
4+
import { AgentLogLine } from "./AgentLogLine";
5+
6+
const line: Line = {
7+
id: 1,
8+
level: "info",
9+
output: 'safe <span data-testid="agent-log-xss">xss</span>',
10+
sourceId: "source-id",
11+
time: "2024-03-14T11:31:04.090715Z",
12+
};
13+
14+
describe("AgentLogLine", () => {
15+
it("renders log HTML as escaped text", () => {
16+
renderComponent(
17+
<AgentLogLine
18+
line={line}
19+
number={1}
20+
maxLineNumber={1}
21+
sourceIcon={null}
22+
style={{}}
23+
/>,
24+
);
25+
26+
expect(screen.queryByTestId("agent-log-xss")).not.toBeInTheDocument();
27+
expect(
28+
screen.getByText(/safe <span data-testid="agent-log-xss">xss<\/span>/),
29+
).toBeInTheDocument();
30+
});
31+
});
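Review bot: The single case covers only plain text carrying markup, so it does not show that escaping still holds when the same line also contains ANSI colour sequences, which is the path where the converter emits its own `<span>` elements. A second case with an output such as `'\u001b[31mred\u001b[0m <span data-testid="agent-log-xss">xss</span>'` (constructed sample) could assert that `queryByTestId("agent-log-xss")` is still absent while the text "red" is rendered. A one-line comment above `line` would also help the next reader, e.g. `// Agent output is untrusted; markup in it must render as text, not as DOM.`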

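--- a/site/src/modules/resources/AgentLogs/AgentLogLine.tsx
+++ b/site/src/modules/resources/AgentLogs/AgentLogLine.tsx
@@ -5,7 +5,7 @@ import { type FC, type ReactNode, useMemo } from "react";
 // Approximate height of a log line. Used to control virtualized list height.
 export const AGENT_LOG_LINE_HEIGHT = 20;
 
-const convert = new AnsiToHTML();
+const convert = new AnsiToHTML({ escapeXML: true });
 
 interface AgentLogLineProps {
 line: Line;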
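Review bot: The `escapeXML: true` option on `convert` is security-relevant but carries no comment, so a later cleanup could drop it without anyone noticing. I would add a line above it, e.g. `// Agent log output is untrusted: escapeXML makes the converter HTML-escape it before the result is inserted as markup.` The place where the converted string is rendered lies outside this hunk, so I am assuming it is injected as HTML; if so, that call site is what depends on this option. Any other `new AnsiToHTML()` constructed without the option elsewhere in the site would presumably need the same treatment, which cannot be checked from this page.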
