Skip to content

Commit

Permalink
Escape user supplied data in html report (#2126) (#2127)
Browse files Browse the repository at this point in the history
* Escape user supplied data in html report (#2126)

authored-by: Tom Herrmann <[email protected]>
  • Loading branch information
herrmanntom authored Jul 5, 2022
1 parent e5e49b6 commit 0be56b3
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 15 deletions.
4 changes: 3 additions & 1 deletion locust/html.py
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,8 @@ def get_html_report(environment, show_download_link=True):
"report.html",
int=int,
round=round,
escape=escape,
str=str,
requests_statistics=requests_statistics,
failures_statistics=failures_statistics,
exceptions_statistics=exceptions_statistics,
Expand All @@ -91,7 +93,7 @@ def get_html_report(environment, show_download_link=True):
static_css="\n".join(static_css),
show_download_link=show_download_link,
locustfile=environment.locustfile,
tasks=escape(dumps(task_data)),
tasks=dumps(task_data),
)

return res
28 changes: 14 additions & 14 deletions locust/templates/report.html
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html>
<head>
<title>Test Report for {{ locustfile }}</title>
<title>Test Report for {{ escape(str(locustfile)) }}</title>
<style>
body {
background: #173529;
Expand Down Expand Up @@ -45,8 +45,8 @@ <h1>Locust Test Report</h1>
<p class="download"><a href="?download=1">Download the Report</a></p>
{% endif %}
<p>During: <span class="l10n datetime">{{ start_time }}</span> - <span class="l10n datetime">{{ end_time }}</span></p>
<p>Target Host: <span>{{ host }}</span></p>
<p>Script: <span>{{ locustfile }}</span></p>
<p>Target Host: <span>{{ escape(str(host)) }}</span></p>
<p>Script: <span>{{ escape(str(locustfile)) }}</span></p>
</div>

<div class="requests">
Expand All @@ -69,8 +69,8 @@ <h2>Request Statistics</h2>
<tbody>
{% for s in requests_statistics %}
<tr{% if loop.last %} class="total"{% endif %}>
<td>{{ s.method or "" }}</td>
<td>{{ s.name }}</td>
<td>{{ escape(s.method or "") }}</td>
<td>{{ escape(s.name) }}</td>
<td>{{ int(s.num_requests) }}</td>
<td>{{ int(s.num_failures) }}</td>
<td>{{ int(s.avg_response_time) }}</td>
Expand Down Expand Up @@ -105,8 +105,8 @@ <h2>Response Time Statistics</h2>
<tbody>
{% for s in requests_statistics %}
<tr{% if loop.last %} class="total"{% endif %}>
<td>{{ s.method or "" }}</td>
<td>{{ s.name }}</td>
<td>{{ escape(s.method or "") }}</td>
<td>{{ escape(s.name) }}</td>
<td>{{ int(s.get_response_time_percentile(0.5)) }}</td>
<td>{{ int(s.get_response_time_percentile(0.6)) }}</td>
<td>{{ int(s.get_response_time_percentile(0.7)) }}</td>
Expand Down Expand Up @@ -136,9 +136,9 @@ <h2>Failures Statistics</h2>
<tbody>
{% for s in failures_statistics %}
<tr>
<td>{{ s.method or "" }}</td>
<td>{{ s.name }}</td>
<td>{{ s.error }}</td>
<td>{{ escape(s.method or "") }}</td>
<td>{{ escape(s.name) }}</td>
<td>{{ escape(str(s.error)) }}</td>
<td>{{ s.occurrences }}</td>
</tr>
{% endfor %}
Expand All @@ -163,9 +163,9 @@ <h2>Exceptions Statistics</h2>
{% for s in exceptions_statistics %}
<tr>
<td>{{ s.count }}</td>
<td>{{ s.msg }}</td>
<td>{{ s.traceback }}</td>
<td>{{ s.nodes }}</td>
<td>{{ escape(s.msg) }}</td>
<td>{{ escape(s.traceback) }}</td>
<td>{{ escape(s.nodes) }}</td>
</tr>
{% endfor %}
</tbody>
Expand All @@ -181,7 +181,7 @@ <h2>Charts</h2>

<div id="tasks">
<h2>Final ratio</h2>
<div class="tasks" data-tasks="{{tasks}}"></div>
<div class="tasks" data-tasks="{{ escape(tasks) }}"></div>
</div>

</div>
Expand Down

0 comments on commit 0be56b3

Please sign in to comment.