path: root/meta/recipes-devtools/gcc/gcc/0001-Revert-libstdc-Install-libstdc-gdb.py-more-robustly-.patch
diff options
authorChangqing Li <changqing.li@windriver.com>2021-03-14 18:03:25 -0700
committerMartin Jansa <Martin.Jansa@gmail.com>2021-11-25 15:38:03 +0100
commitb16b6d7f3515253bdc3374e093c976f1b28a100d (patch)
tree8a7dccc9982a318d263cc10849652f83f29541e9 /meta/recipes-devtools/gcc/gcc/0001-Revert-libstdc-Install-libstdc-gdb.py-more-robustly-.patch
parent3fddabdbaa7325ae464410f40965ad53a1f57354 (diff)
report-error.bbclass: replace angle brackets with &lt; and &gt;jansa/master
when we have below content in local.conf or auto.conf: BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <raj.khem@gmail.com>" send-error-report will fail with "HTTP Error 500: OK" error-report-web do rudimentary check on all fields that are passed to the graphs page to avoid any XSS happening, if contains '<', the server will return error(Invalid characters in json). fixed by use escape of <> to replace it. NOTE: with this change, error-report-web need to add filter 'safe' for the string wanted to display to avoid further HTML escaping prior to output. Below is how the content displayed on webpage: with the filter 'safe': BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj <raj.khem@gmail.com>" without the filter 'safe': BUILDHISTORY_COMMIT_AUTHOR ?= "Khem Raj &lt;raj.khem@gmail.com&gt;" Another patch for error-report-web will send to yocto mail list. [YOCTO #13252] Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta/recipes-devtools/gcc/gcc/0001-Revert-libstdc-Install-libstdc-gdb.py-more-robustly-.patch')
0 files changed, 0 insertions, 0 deletions