deltacloud-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lut...@apache.org
Subject [2/3] git commit: error messages: quote HTML, shorten backtrace
Date Wed, 26 Sep 2012 22:38:15 GMT
error messages: quote HTML, shorten backtrace

  * Special characters like &, <, and > need to be escaped in error messages
  * In the backtrace in error messages, only show paths in deltacloud itself;
    the full backtrace is still in the error details secion of the page


Project: http://git-wip-us.apache.org/repos/asf/deltacloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltacloud/commit/9e888030
Tree: http://git-wip-us.apache.org/repos/asf/deltacloud/tree/9e888030
Diff: http://git-wip-us.apache.org/repos/asf/deltacloud/diff/9e888030

Branch: refs/heads/master
Commit: 9e888030681a0aeca7b0ede655e78c23c501a4d7
Parents: 779cc39
Author: David Lutterkort <lutter@redhat.com>
Authored: Mon Jun 4 17:33:08 2012 -0700
Committer: David Lutterkort <lutter@redhat.com>
Committed: Wed Sep 26 15:23:04 2012 -0700

----------------------------------------------------------------------
 server/lib/deltacloud/helpers/deltacloud_helper.rb |   24 +++++++++++++++
 server/views/cimi/errors/500.xml.haml              |    2 +-
 server/views/errors/500.html.haml                  |   11 ++++--
 3 files changed, 32 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/deltacloud/blob/9e888030/server/lib/deltacloud/helpers/deltacloud_helper.rb
----------------------------------------------------------------------
diff --git a/server/lib/deltacloud/helpers/deltacloud_helper.rb b/server/lib/deltacloud/helpers/deltacloud_helper.rb
index ff9ca20..36205e4 100644
--- a/server/lib/deltacloud/helpers/deltacloud_helper.rb
+++ b/server/lib/deltacloud/helpers/deltacloud_helper.rb
@@ -294,6 +294,30 @@ module Deltacloud::Helpers
       klass.extend SinatraHelper
     end
 
+    HTML_ESCAPE = { '&' => '&amp;',  '>' => '&gt;',   '<' => '&lt;',
'"' => '&quot;' }
+
+    def h(s)
+      s.to_s.gsub(/[&"><]/n) { |special| HTML_ESCAPE[special] }
+    end
+
+    def bt(trace)
+      return trace.join("\n") if params['fulltrace']
+      app_path = File::expand_path("../../..", __FILE__)
+      dots = false
+
+        trace = trace.map { |t| t.match(%r{^#{app_path}(.*)$}) ? "$app#{$1}" : "..." }.select
do |t|
+        if t == "..."
+          keep = ! dots
+          dots = true
+        else
+          keep = true
+          dots = false
+        end
+        keep
+      end
+      "[\nAbbreviated trace\n   pass fulltrace=1 as query param to see everything\n  $app
= #{app_path}\n]\n" + trace.join("\n")
+    end
+
     private
     def hardware_property_unit(prop)
       u = ::Deltacloud::HardwareProfile::unit(prop)

http://git-wip-us.apache.org/repos/asf/deltacloud/blob/9e888030/server/views/cimi/errors/500.xml.haml
----------------------------------------------------------------------
diff --git a/server/views/cimi/errors/500.xml.haml b/server/views/cimi/errors/500.xml.haml
index bffa9ee..831d8a4 100644
--- a/server/views/cimi/errors/500.xml.haml
+++ b/server/views/cimi/errors/500.xml.haml
@@ -3,4 +3,4 @@
   %message< #{cdata @error.message}
   %backend{ :driver => driver_symbol }
     %code=response.status
-  %backtrace< #{cdata @error.backtrace.join("\n")}
+  %backtrace< #{h bt(@error.backtrace)}

http://git-wip-us.apache.org/repos/asf/deltacloud/blob/9e888030/server/views/errors/500.html.haml
----------------------------------------------------------------------
diff --git a/server/views/errors/500.html.haml b/server/views/errors/500.html.haml
index 19cf090..1b04a21 100644
--- a/server/views/errors/500.html.haml
+++ b/server/views/errors/500.html.haml
@@ -2,7 +2,7 @@
   %ul{ :'data-role' => :listview , :'data-inset' => :true, :'data-divider-theme' =>
'e'}
     %li{ :'data-role' => 'list-divider'} Server message
     %li
-      %h3=[@error.class.name, @error.message].join(' - ')
+      %h3= h [@error.class.name, @error.message].join(' - ')
     %li{ :'data-role' => 'list-divider'} Original request URI
     %li
       %a{ :href => request.env['REQUEST_URI'], :'data-ajax' => 'false'}
@@ -11,15 +11,18 @@
     %li{ :'data-role' => 'list-divider'} Error details
     %li
       - if @error.class.method_defined? :details
-        %p= @error.details
+        %p= h @error.details
       - else
         %em No details
+    %li{ :'data-role' => 'list-divider'} Backtrace
+    %li
+      %pre= bt @error.backtrace
 
   %div{ 'data-role' => :collapsible, 'data-collapsed' => "true"}
     %h3 Backtrace
     %ul{ :'data-role' => :listview , :'data-inset' => :true, :'data-divider-theme'
=> 'e'}
       %li
-        %pre=@error.backtrace.join("\n")
+        %pre= h @error.backtrace.join("\n")
 
   %div{ 'data-role' => :collapsible, 'data-collapsed' => "true"}
     %h3 Parameters
@@ -40,4 +43,4 @@
         - next if value.inspect.to_s == '#'
         %li{ :'data-role' => 'list-divider'}=key
         %li
-          %span{:style => 'font-weight:normal;'}=value.inspect
+          %span{:style => 'font-weight:normal;'}= h value.inspect


Mime
View raw message