diff options
| author | Semyon Danilov <senya@ydb.tech> | 2025-06-03 16:34:19 +0300 |
|---|---|---|
| committer | robot-piglet <robot-piglet@yandex-team.com> | 2025-06-03 17:43:36 +0300 |
| commit | e8be3cf051dae10a46fd310d31042779a44de4c9 (patch) | |
| tree | 038b0d4129b0f34566b5842295c72b76b0927514 | |
| parent | 8a3202b8717fc1e1eba370e3b9898a1ede3a3e9b (diff) | |
| download | ydb-e8be3cf051dae10a46fd310d31042779a44de4c9.tar.gz | |
Fix LWTrace leaking HTTP request string to HTML page
Co-authored-by: the-ancient-1 <cthulhu@ydb.tech>
---
Pull Request resolved: https://github.com/ytsaurus/ytsaurus/pull/1303
commit_hash:92106e48ef7d9a34a2446896fb26dfe92c86d194
| -rw-r--r-- | library/cpp/lwtrace/mon/mon_lwtrace.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/library/cpp/lwtrace/mon/mon_lwtrace.cpp b/library/cpp/lwtrace/mon/mon_lwtrace.cpp index 09d56560c4b..2593845e487 100644 --- a/library/cpp/lwtrace/mon/mon_lwtrace.cpp +++ b/library/cpp/lwtrace/mon/mon_lwtrace.cpp @@ -301,7 +301,7 @@ public: } } catch (...) { ythrow yexception() - << CurrentExceptionMessage() + << EncodeHtmlPcdata(CurrentExceptionMessage()) << " while parsing track log query: " << Text; } @@ -1853,7 +1853,7 @@ public: try { Os << src->GetStartTime().ToStringUpToSeconds(); } catch (...) { - Os << "error: " << CurrentExceptionMessage(); + Os << "error: " << EncodeHtmlPcdata(CurrentExceptionMessage()); } Os << "</td>" << "<td><div class=\"dropdown\">" @@ -3827,11 +3827,11 @@ public: if (request.GetParams().Get("error") == "text") { // Text error reply is helpful for ajax requests out << NMonitoring::HTTPOKTEXT; - out << CurrentExceptionMessage(); + out << EncodeHtmlPcdata(CurrentExceptionMessage()); } else { WWW_HTML(out) { out << "<h2>Error</h2><pre>" - << CurrentExceptionMessage() + << EncodeHtmlPcdata(CurrentExceptionMessage()) << Endl; } } |