fix: escape agent log HTML (#25808) (#26266) · coder/coder@a51dbcf

File tree

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,31 @@`
	`1`	`+import { renderComponent } from "testHelpers/renderHelpers";`
	`2`	`+import { screen } from "@testing-library/react";`
	`3`	`+import type { Line } from "components/Logs/LogLine";`
	`4`	`+import { AgentLogLine } from "./AgentLogLine";`
	`5`	`+`
	`6`	`+const line: Line = {`
	`7`	`+id: 1,`
	`8`	`+level: "info",`
	`9`	`+output: 'safe <span data-testid="agent-log-xss">xss</span>',`
	`10`	`+sourceId: "source-id",`
	`11`	`+time: "2024-03-14T11:31:04.090715Z",`
	`12`	`+};`
	`13`	`+`
	`14`	`+describe("AgentLogLine", () => {`
	`15`	`+it("renders log HTML as escaped text", () => {`
	`16`	`+renderComponent(`
	`17`	`+<AgentLogLine`
	`18`	`+line={line}`
	`19`	`+number={1}`
	`20`	`+maxLineNumber={1}`
	`21`	`+sourceIcon={null}`
	`22`	`+style={{}}`
	`23`	`+/>,`
	`24`	`+);`
	`25`	`+`
	`26`	`+expect(screen.queryByTestId("agent-log-xss")).not.toBeInTheDocument();`
	`27`	`+expect(`
	`28`	`+screen.getByText(/safe <span data-testid="agent-log-xss">xss<\/span>/),`
	`29`	`+).toBeInTheDocument();`
	`30`	`+});`
	`31`	`+});`

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ import { type FC, type ReactNode, useMemo } from "react";`
`5`	`5`	`// Approximate height of a log line. Used to control virtualized list height.`
`6`	`6`	`export const AGENT_LOG_LINE_HEIGHT = 20;`
`7`	`7`
`8`		`-const convert = new AnsiToHTML();`
	`8`	`+const convert = new AnsiToHTML({ escapeXML: true });`
`9`	`9`
`10`	`10`	`interface AgentLogLineProps {`
`11`	`11`	`line: Line;`