From 3333f78cf7bb0efeb2218b38fc55cb7630756547 Mon Sep 17 00:00:00 2001 From: Ned Batchelder Date: Tue, 26 Apr 2022 14:56:30 -0400 Subject: [PATCH] fix(process_warnings): escape html text so that doesn't disappear --- openedx/core/process_warnings.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/openedx/core/process_warnings.py b/openedx/core/process_warnings.py index 4cdbe59f3c..0f2442b0a7 100644 --- a/openedx/core/process_warnings.py +++ b/openedx/core/process_warnings.py @@ -10,6 +10,7 @@ import json import os import re from collections import Counter +from xml.sax.saxutils import escape from write_to_html import HtmlOutlineWriter # noqa pylint: disable=import-error,useless-suppression @@ -191,7 +192,7 @@ def write_html_report(warnings_data, html_path): for category, group_in_category, category_count in category_sorted_by_count: # xss-lint: disable=python-wrap-html html = '{category}, count: {count} '.format( - category=category, count=category_count + category=escape(category), count=category_count ) html_writer.start_section(html, klass="category") locations_sorted_by_count = group_and_sort_by_sumof( @@ -205,7 +206,7 @@ def write_html_report(warnings_data, html_path): ) in locations_sorted_by_count: # xss-lint: disable=python-wrap-html html = '{location}, count: {count} '.format( - location=location, count=location_count + location=escape(location), count=location_count ) html_writer.start_section(html, klass="location") message_group_sorted_by_count = group_and_sort_by_sumof( @@ -218,7 +219,7 @@ def write_html_report(warnings_data, html_path): ) in message_group_sorted_by_count: # xss-lint: disable=python-wrap-html html = '{warning_text}, count: {count} '.format( - warning_text=message, count=message_count + warning_text=escape(message), count=message_count ) html_writer.start_section(html, klass="warning_text") # warnings_object[location][warning_text] is a list
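Review bot: `xml.sax.saxutils.escape`, as imported in the first hunk, rewrites only `&`, `<` and `>` and leaves `"` and `'` untouched unless an entities mapping is passed. That is enough for the three call sites in this patch if the values land in element text, which looks likely, but the markup inside the format strings is not fully visible on this page. If any of these values ever ends up inside an attribute value, `from html import escape` would be the safer import because it quotes by default, and it reads as HTML-specific rather than XML-specific.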
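Review bot: Escaping is applied by hand at each `.format()` call, here for `category` and again in the hunks at -205 (`location`) and -218 (`message`), so any other string that `write_html_report` passes to `html_writer` stays unescaped. The trailing context of the last hunk (`# warnings_object[location][warning_text] is a list`) suggests more per-warning data is written after it, outside the visible lines, so check whether that output goes through `escape()` too. The `# xss-lint: disable=python-wrap-html` suppressions also remain without a reason; a separate comment line above each, such as `# value is HTML-escaped before formatting; only the literal template markup is trusted`, would tell the next reader why the lint is safe to silence. The function body starts and ends outside these hunks.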