[Piglit] [PATCH] Escape HTML output when generating test result pages.

Paul Berry stereotype441 at gmail.com
Tue Oct 22 14:28:38 CEST 2013


If a test generates output containing '<', '>', or '&', we need to
HTML escape it so that the web browser doesn't interpret it as
containing HTML tags.

While we're at it, go ahead and HTML escape the traceback and dmesg
outputs too.
---
 templates/test_result.mako | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/test_result.mako b/templates/test_result.mako
index b23fb8e..a2c749c 100644
--- a/templates/test_result.mako
+++ b/templates/test_result.mako
@@ -31,7 +31,7 @@
       <tr>
         <td>Info</td>
         <td>
-          <pre>${info}</pre>
+          <pre>${info | h}</pre>
         </td>
       </tr>
       <tr>
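Review bot: the context at the end of this hunk opens another `<tr>` whose cell is not shown before the next hunk starts at line 43, so the patch leaves that row's output as it was. If that row also prints text coming from the test, it should get `| h` as well; otherwise a `<` or `&` in that field is still interpreted by the browser in an otherwise escaped table.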
@@ -43,13 +43,13 @@
       <tr>
         <td>Traceback</td>
         <td>
-          <pre>${traceback}</pre>
+          <pre>${traceback | h}</pre>
         </td>
       </tr>
       <tr>
         <td>dmesg</td>
         <td>
-          <pre>${dmesg}</pre>
+          <pre>${dmesg | h}</pre>
         </td>
       </tr>
     </table>
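Review bot: `${traceback | h}` and `${dmesg | h}` escape one expression at a time, so any expression added to this template later is unescaped unless its author remembers the filter. Consider adding `h` to Mako's `default_filters` where the template or its lookup is created, so escaping is the default and raw output has to be requested explicitly with `| n`. In that case the per-expression `| h` here should be dropped to avoid escaping twice.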
-- 
1.8.4.1


