ACK. On Jul 30, 2012, at 10:43 PM, [email protected] wrote:
> From: David Lutterkort <[email protected]>
>
> * Special characters like &, <, and > need to be escaped in error messages
> * In the backtrace in error messages, only show paths in deltacloud itself;
> the full backtrace is still in the error details secion of the page
> ---
> server/lib/deltacloud/helpers/deltacloud_helper.rb | 11 +++++++++++
> server/views/errors/500.html.haml | 11 +++++++----
> 2 files changed, 18 insertions(+), 4 deletions(-)
>
> diff --git a/server/lib/deltacloud/helpers/deltacloud_helper.rb
> b/server/lib/deltacloud/helpers/deltacloud_helper.rb
> index 799478e..df23cea 100644
> --- a/server/lib/deltacloud/helpers/deltacloud_helper.rb
> +++ b/server/lib/deltacloud/helpers/deltacloud_helper.rb
> @@ -288,6 +288,17 @@ module Deltacloud::Helpers
> not features_arr.empty?
> end
>
> + HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' =>
> '"' }
> +
> + def h(s)
> + s.to_s.gsub(/[&"><]/n) { |special| HTML_ESCAPE[special] }
> + end
> +
> + def bt(trace)
> + app_path = File::expand_path("../../..", __FILE__)
> + trace.select { |t| t.match(%r{^#{app_path}}) }.join("\n")
> + end
> +
> private
> def hardware_property_unit(prop)
> u = ::Deltacloud::HardwareProfile::unit(prop)
> diff --git a/server/views/errors/500.html.haml
> b/server/views/errors/500.html.haml
> index 19cf090..1b04a21 100644
> --- a/server/views/errors/500.html.haml
> +++ b/server/views/errors/500.html.haml
> @@ -2,7 +2,7 @@
> %ul{ :'data-role' => :listview , :'data-inset' => :true,
> :'data-divider-theme' => 'e'}
> %li{ :'data-role' => 'list-divider'} Server message
> %li
> - %h3=[@error.class.name, @error.message].join(' - ')
> + %h3= h [@error.class.name, @error.message].join(' - ')
> %li{ :'data-role' => 'list-divider'} Original request URI
> %li
> %a{ :href => request.env['REQUEST_URI'], :'data-ajax' => 'false'}
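Review bot: `h` leaves the single quote unescaped, so its output is only safe in element content and double-quoted attribute values; assuming Rack is loaded for this helper, `Rack::Utils.escape_html(s.to_s)` would also cover `'` and replace the hand-rolled table. In `bt`, `app_path` is interpolated into the pattern without `Regexp.escape` and `^` anchors per line rather than at the start of the string, so a checkout path containing regex metacharacters can mis-filter frames; `trace.select { |t| t.start_with?(app_path) }` avoids both. `bt` returns unescaped text, so every caller has to wrap it in `h`, which the `%pre= bt @error.backtrace` line in the 500.html.haml hunk does not do. The `HTML_ESCAPE` values appear entity-decoded in this archived copy (`'&' => '&'`), presumably a rendering artifact, so confirm them against the original patch. The enclosing module starts and ends outside the hunk.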
> @@ -11,15 +11,18 @@
> %li{ :'data-role' => 'list-divider'} Error details
> %li
> - if @error.class.method_defined? :details
> - %p= @error.details
> + %p= h @error.details
> - else
> %em No details
> + %li{ :'data-role' => 'list-divider'} Backtrace
> + %li
> + %pre= bt @error.backtrace
>
> %div{ 'data-role' => :collapsible, 'data-collapsed' => "true"}
> %h3 Backtrace
> %ul{ :'data-role' => :listview , :'data-inset' => :true,
> :'data-divider-theme' => 'e'}
> %li
> - %[email protected]("\n")
> + %pre= h @error.backtrace.join("\n")
>
> %div{ 'data-role' => :collapsible, 'data-collapsed' => "true"}
> %h3 Parameters
> @@ -40,4 +43,4 @@
> - next if value.inspect.to_s == '#'
> %li{ :'data-role' => 'list-divider'}=key
> %li
> - %span{:style => 'font-weight:normal;'}=value.inspect
> + %span{:style => 'font-weight:normal;'}= h value.inspect
> --
> 1.7.7.6
>
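Review bot: The added `%pre= bt @error.backtrace` line emits the filtered backtrace without `h`, unlike the collapsible full backtrace below it; Ruby frame labels such as `<main>` or `<class:Foo>` contain angle brackets, so it should read `%pre= h bt(@error.backtrace)`. `@error.backtrace` is nil for an exception object that was never raised, which would make `bt` fail while rendering the error page itself; `bt(@error.backtrace || [])` or a nil guard in the helper covers that. The filtered trace is also placed outside the collapsed section, so absolute install paths are shown to any client that triggers a 500; consider rendering it only in non-production environments. Whether Haml's own `escape_html` option is enabled is not visible here; if it is, the explicit `h` calls in this and the other two hunks of this file would double-escape.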
