Merge branch 'sh-sanitize-node-status' into 'master'

Strip out any HTML tags in Geo response and upon failure omit full response text

Closes #2786

See merge request !2318

app/assets/javascripts/geo_nodes.js

@@ -43,7 +43,8 @@ class GeoNodeStatus {
       if (status.health === 'Healthy') {
         this.$health.html('');
       } else {
-        this.$health.html(`<code class="geo-health">${status.health}</code>`);
+        const strippedData = $('<div>').html(`${status.health}`).text();
+        this.$health.html(`<code class="geo-health">${strippedData}</code>`);
       }
 
       this.$status.show();

app/services/geo/node_status_service.rb

@@ -28,7 +28,8 @@ module Geo
               if payload.is_a?(Hash)
                 payload['message']
               else
-                payload
+                # The return value can be a giant blob of HTML; ignore it
+                ''
               end
 
             Array([message, details].compact.join("\n"))

spec/services/geo/node_status_service_spec.rb

@@ -39,5 +39,17 @@ describe Geo::NodeStatusService, services: true do
 
       expect(status).to have_attributes(data)
     end
+
+    it 'omits full response text in status' do
+      request = double(success?: false,
+                       code: 401,
+                       message: 'Unauthorized',
+                       parsed_response: '<html><h1>You are not allowed</h1></html>')
+      allow(described_class).to receive(:get).and_return(request)
+
+      status = subject.call(secondary)
+
+      expect(status.health).to eq("Could not connect to Geo node - HTTP Status Code: 401 Unauthorized\n")
+    end
   end
 end