Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 8fd7ec4595c409237a8240a22f98379707515a5b
https://github.com/tribe29/checkmk/commit/8fd7ec4595c409237a8240a22f9837970…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
A tests/unit/cmk/gui/plugins/views/test_painters.py
Log Message:
-----------
Add test to verify registered painters in different editions
Change-Id: I66ac00bd5114b4e2bb1d224b76318e35d19f41dc
Commit: e97e8493595fc5ec41886cc128fb8dec659ca6a6
https://github.com/tribe29/checkmk/commit/e97e8493595fc5ec41886cc128fb8dec6…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
M tests/unit/cmk/gui/test_views.py
Log Message:
-----------
Remove long disabled development test that tested painter properties
Change-Id: I8c58a3d507cbf91e33c04b86eea301f4ec8a5f9b
Commit: 7201b295224db5cfece491403084b6f55e245188
https://github.com/tribe29/checkmk/commit/7201b295224db5cfece491403084b6f55…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
M tests/unit/cmk/gui/plugins/views/test_painters.py
Log Message:
-----------
Service painters: Add test to verify content
The tests don't verify the actual painter content but only whether or
not they produce a valid content and don't raise exceptions.
After changing the painter escaping mechanic we can use these tests to
verify that no painter returns HTML code that will be escaped later.
Change-Id: Icac3fccbc5b11bf243e9493371bfb0b657eee58f
Commit: f93d836ffb0fe6e6817f5c58d29223ffe9f927ba
https://github.com/tribe29/checkmk/commit/f93d836ffb0fe6e6817f5c58d29223ffe…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
M cmk/gui/plugins/views/mobile.py
M cmk/gui/plugins/views/utils.py
Log Message:
-----------
Tighten painter content escaping
In previous Checkmk versions the content returned by a painters render
method was always processed as HTML code, even when only a str object
was returned. This unclean handling of the returned data resulted in
possible injection or XSS attacks.
This change requires multiple painters to be changed in the next steps.
Since the str objects are now escaped, the painter render() methods
that want to render HTML code need to return HTML() objects instead
of str objects.
Change-Id: I767c643501165dbe38a04cf28f677f92ec30736c
Commit: 1d272f9fcfd960d541cf66f7c5852d5b2a4f50e3
https://github.com/tribe29/checkmk/commit/1d272f9fcfd960d541cf66f7c5852d5b2…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
M cmk/gui/metrics.py
M cmk/gui/plugins/views/painters.py
Log Message:
-----------
Move dedicated helper function to painter
Change-Id: Iff3899342ac61a60482f50369095a653cde82474
Commit: 19c9a24bd1595211fed350f71b94c3110cacddcb
https://github.com/tribe29/checkmk/commit/19c9a24bd1595211fed350f71b94c3110…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
M cmk/gui/plugins/views/inventory.py
M cmk/gui/plugins/views/painters.py
M cmk/gui/plugins/views/utils.py
M cmk/gui/view_utils.py
Log Message:
-----------
Fix content escaping of some painters
Change-Id: I24aa8431970a9093ec52b18207175845c1e9ac97
Commit: c10fff1d959fae85d7804d4cb6b9b184f59cfbbf
https://github.com/tribe29/checkmk/commit/c10fff1d959fae85d7804d4cb6b9b184f…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
M tests/unit/cmk/gui/plugins/views/test_painters.py
Log Message:
-----------
Painters: Verify HTML escaping
Change-Id: I3805ef16b4e8954e535808db13a9ffbb7b683dea
Commit: 953a3804376b1f8c16539f65699424ceef011588
https://github.com/tribe29/checkmk/commit/953a3804376b1f8c16539f65699424cee…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
M cmk/gui/plugins/views/inventory.py
Log Message:
-----------
Add some type hints to inventory painters
Change-Id: I612c0f8dbaa4015dbf404e46594748a256709909
Commit: 68e71df884776bb0f237c311f7955fd2df63ebc4
https://github.com/tribe29/checkmk/commit/68e71df884776bb0f237c311f7955fd2d…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
M cmk/gui/bi.py
M cmk/gui/plugins/views/__init__.py
M cmk/gui/plugins/views/bi.py
Log Message:
-----------
BI painters: Fix content escaping; spread some type hints
Change-Id: Idfb40ba89ec94b136b6892224a600bae674bf621
Commit: 18e4cd1400d36721941b298b033f5e352e48d795
https://github.com/tribe29/checkmk/commit/18e4cd1400d36721941b298b033f5e352…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-12 (Mon, 12 Apr 2021)
Changed paths:
M cmk/gui/plugins/views/crash_reporting.py
M cmk/gui/plugins/views/mkeventd.py
M cmk/gui/plugins/views/painters.py
Log Message:
-----------
Remove now redundant escaping
Since the generic view painter rendering is now performing escaping
on non HTML content, the explicit escaping in the painters is not
needed anymore.
Change-Id: Ifa2777a389817187b832354ddd91cc194b0a83f0
Compare:
https://github.com/tribe29/checkmk/compare/ce24c8308169...18e4cd1400d3