Commit 18fcdd36 authored by Stan Hu's avatar Stan Hu

Use jQuery to strip HTML from response

parent 01355138
...@@ -43,7 +43,8 @@ class GeoNodeStatus { ...@@ -43,7 +43,8 @@ class GeoNodeStatus {
if (status.health === 'Healthy') { if (status.health === 'Healthy') {
this.$health.html(''); this.$health.html('');
} else { } else {
this.$health.html(`<code class="geo-health">${status.health}</code>`); const strippedData = $('<div>').html(`${status.health}`).text();
this.$health.html(`<code class="geo-health">${strippedData}</code>`);
} }
this.$status.show(); this.$status.show();
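Review bot: In the `else` branch, `$('<div>').html(...).text()` is not a safe way to strip markup, and its result is still interpolated into `this.$health.html(...)` on the next line. jQuery parses the string as HTML first, so embedded elements can load resources or fire inline handlers even on a detached node. `.text()` also decodes entities, so entity-encoded angle brackets come back as live markup when reinserted. If `status.health` can carry content from the remote node (the Ruby side of this commit suggests it can), set it as text instead of parsing it: `this.$health.empty().append($('<code class="geo-health">').text(status.health));`. The enclosing method starts and ends outside the hunk.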
......
module Geo module Geo
class NodeStatusService class NodeStatusService
include ActionView::Helpers::SanitizeHelper
include Gitlab::CurrentSettings include Gitlab::CurrentSettings
include HTTParty include HTTParty
...@@ -29,11 +28,11 @@ module Geo ...@@ -29,11 +28,11 @@ module Geo
if payload.is_a?(Hash) if payload.is_a?(Hash)
payload['message'] payload['message']
else else
# The return value can be a giant blob of HTML; ignore it
'' ''
end end
summary = [message, details].compact.join("\n") Array([message, details].compact.join("\n"))
[sanitize(summary)]
end end
rescue HTTParty::Error, Timeout::Error, SocketError, Errno::ECONNRESET, Errno::ECONNREFUSED => e rescue HTTParty::Error, Timeout::Error, SocketError, Errno::ECONNRESET, Errno::ECONNREFUSED => e
[e.message] [e.message]
...@@ -44,10 +43,6 @@ module Geo ...@@ -44,10 +43,6 @@ module Geo
private private
def sanitize(message)
ActionView::Base.full_sanitizer.sanitize(message)
end
def headers def headers
Gitlab::Geo::BaseRequest.new.headers Gitlab::Geo::BaseRequest.new.headers
end end
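Review bot: With `sanitize` removed, `Array([message, details].compact.join("\n"))` returns `payload['message']` exactly as the remote node sent it, so every consumer of this service now has to escape it. Only the non-Hash payload is blanked; a Hash payload's `message` and `e.message` in the rescue pass through unchanged. Either keep `ActionView::Base.full_sanitizer.sanitize` on the summary as defence in depth, or add a comment on the method such as `# Returned strings are untrusted remote content; callers must escape before rendering.` A plain array literal around the joined string would also read more clearly than `Array(...)`. The method begins outside the hunk.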
......
...@@ -11,11 +11,11 @@ describe Geo::NodeStatusService, services: true do ...@@ -11,11 +11,11 @@ describe Geo::NodeStatusService, services: true do
end end
describe '#call' do describe '#call' do
it 'strips tags from a 401 response' do it 'parses a 401 response' do
request = double(success?: false, request = double(success?: false,
code: 401, code: 401,
message: 'Unauthorized', message: 'Unauthorized',
parsed_response: { 'message' => '<html><h1>Test</h1></html>' } ) parsed_response: { 'message' => 'Test' } )
allow(described_class).to receive(:get).and_return(request) allow(described_class).to receive(:get).and_return(request)
status = subject.call(secondary) status = subject.call(secondary)
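Review bot: The renamed example `parses a 401 response` no longer feeds any markup through the service, so nothing in this spec pins how HTML in a response is handled now that stripping has moved to the client. Add a case where `parsed_response` is a non-Hash HTML string and assert that the message part is empty, matching the `# The return value can be a giant blob of HTML; ignore it` branch. A second case where `'message'` contains tags would make the pass-through an explicit, tested contract. The `describe '#call'` block continues outside the hunk.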
......