◐ Shell
clean mode source ↗

fix: escape agent log HTML (#25808) (#26245) · coder/coder@d3e330c

File tree

  • site/src/modules/resources/AgentLogs

Original file line numberDiff line numberDiff line change

@@ -0,0 +1,23 @@

1+

import { screen } from "@testing-library/react";

2+

import type { Line } from "#/components/Logs/LogLine";

3+

import { renderComponent } from "#/testHelpers/renderHelpers";

4+

import { AgentLogLine } from "./AgentLogLine";

5+
6+

const line: Line = {

7+

id: 1,

8+

level: "info",

9+

output: 'safe <span data-testid="agent-log-xss">xss</span>',

10+

sourceId: "source-id",

11+

time: "2024-03-14T11:31:04.090715Z",

12+

};

13+
14+

describe("AgentLogLine", () => {

15+

it("renders log HTML as escaped text", () => {

16+

renderComponent(<AgentLogLine line={line} sourceIcon={null} style={{}} />);

17+
18+

expect(screen.queryByTestId("agent-log-xss")).not.toBeInTheDocument();

19+

expect(

20+

screen.getByText(/safe <span data-testid="agent-log-xss">xss<\/span>/),

21+

).toBeInTheDocument();

22+

});

23+

});

Original file line numberDiff line numberDiff line change

@@ -5,7 +5,7 @@ import { type Line, LogLine, LogLinePrefix } from "#/components/Logs/LogLine";

55

// Approximate height of a log line. Used to control virtualized list height.

66

export const AGENT_LOG_LINE_HEIGHT = 20;

77
8-

const convert = new AnsiToHTML();

8+

const convert = new AnsiToHTML({ escapeXML: true });

99
1010

interface AgentLogLineProps {

1111

line: Line;