From 286339ecd7be5497038b4474d002557332d2df9b Mon Sep 17 00:00:00 2001
From: Tom Herrmann
Date: Tue, 5 Jul 2022 11:41:12 +0200
Subject: [PATCH 1/2] Escape user supplied data in html report (#2126)
---
 locust/html.py | 4 +++-
 locust/templates/report.html | 28 ++++++++++++++--------------
 2 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/locust/html.py b/locust/html.py
index 46a7052220..bf53862c36 100644
--- a/locust/html.py
+++ b/locust/html.py
@@ -80,6 +80,8 @@ def get_html_report(environment, show_download_link=True):
 "report.html",
 int=int,
 round=round,
+ escape=escape,
+ str=str,
 requests_statistics=requests_statistics,
 failures_statistics=failures_statistics,
 exceptions_statistics=exceptions_statistics,
@@ -91,7 +93,7 @@ def get_html_report(environment, show_download_link=True):
 static_css="\n".join(static_css),
 show_download_link=show_download_link,
 locustfile=environment.locustfile,
- tasks=escape(dumps(task_data)),
+ tasks=dumps(task_data),
 )
 return res
diff --git a/locust/templates/report.html b/locust/templates/report.html
index 14fab7f702..aea6857cbb 100644
--- a/locust/templates/report.html
+++ b/locust/templates/report.html
@@ -1,7 +1,7 @@
- Test Report for {{ locustfile }}
+ Test Report for {{ escape(locustfile) }}
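Review bot: Passing `escape=escape` and `str=str` into the template context makes output encoding opt-in per expression, so any `{{ ... }}` in report.html that is added or edited later without an `escape(...)` call is emitted raw. If `render_template` builds its own Jinja2 environment (its definition is outside this hunk), turning on autoescaping there, e.g. `autoescape=select_autoescape(["html"])`, would make escaping the default and leave only deliberate `|safe` exceptions to review. I would also add a regression test that renders the report with a request name and locustfile path containing markup characters and asserts that only the entity-encoded form appears in the output.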
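Review bot: `tasks=dumps(task_data)` now hands unescaped JSON to the template, so this value is safe only if report.html encodes it at the point where it is written, and that use is not visible in this hunk. The task data presumably carries class and task names taken from the user's locustfile, so please confirm the template emits it as `{{ escape(tasks) }}`. Also check that the encoding fits the context: entity escaping is right for an attribute value or element body, but inside a `<script>` block entities are not decoded, and there the JSON should have `<`, `>` and `&` written as `\u003c`-style escapes instead. A short comment on this argument, such as `# raw JSON; escaped in report.html where it is embedded`, would record where the responsibility moved.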