Bug 725038
| Field | Value |
|---|---|
| Summary | Banner notifications containing invalid html can hang a page |
| Product | Red Hat Enterprise MRG |
| Component | cumin |
| Reporter | Trevor McKay <tmckay> |
| Assignee | Trevor McKay <tmckay> |
| QA Contact | Jeff Needle <jneedle> |
| CC | jneedle, matt, mkudlej |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | medium |
| Version | 2.0 |
| Target Milestone | 2.1 |
| Hardware | Unspecified |
| OS | Unspecified |
| Fixed In Version | cumin-0.1.5033-1 |
| Doc Type | Bug Fix |
| Doc Text | Previously, messages printed in yellow task status banners in the Cumin web console could potentially contain characters that break XML parsing in a browser during display. If such a message was printed, the browser displayed an error message, no Cumin content was visible, and Cumin had to be restarted to restore the user interface. With this update, code has been added to properly escape special characters in the banner messages before display, thus preventing this bug. |
| Last Closed | 2012-01-23 17:27:46 UTC |
| Bug Blocks | 743350 |
Description
Trevor McKay
2011-07-22 16:08:13 UTC
Easiest way to test is with code from trunk... Unfortunately the reproduction scenario cannot be run in 2.0 because the aviary functionality is not present. But trust me, the error message below should break the browser :)

1. Set use-aviary to True in cumin.conf (should be default)
2. Set aviary-host to a machine that is not running aviary.
3. Try to submit a job, or hold/release/remove an existing job.

This will result in a connection refused message from the aviary client, which contains XML special characters. Message should render to the screen without error, for example.

Hold: Failed (<urlopen error [Errno 111] Connection refused>)

Fixed in revision 4886.

This problem does exist in 2.0, it's just difficult to come up with a scenario that displays it.

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:

Cause
The messages printed in yellow task status banners in Cumin can potentially contain characters that break XML parsing in a browser during display.

Consequence
If such a message is printed, the browser will display an error message and no Cumin content will be visible. The simplest way to restore the UI is to restart Cumin, since no links are visible to dismiss the task banner or logout the user.

Fix
Code has been added to properly escape special characters in the banner messages before display.

Result
The properly escaped error messages display correctly and functionality is not interrupted.

Unreproducible. Should be skip-errata.

Unverifiable as well, as cumin seems to fall-back to QMF when Aviary is not running.

Nope, sorry. When I do not set brokers in cumin and do not run the Aviary, I get simply 'Submit job 'Test1': Forbidden' Without any XML mess.

Verified in cumin-0.1.5068-1.el6.noarch

Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:

@@ -1,11 +1 @@ -Cause +Previously, messages printed in yellow task status banners in the Cumin web console could potentially contain characters that break XML parsing in a browser during display. If such a message was printed, the browser displayed an error message, no Cumin content was visible, and Cumin had to be restarted to restore the user interface. With this update, code has been added to properly escape special characters in the banner messages before display, thus preventing this bug.- The messages printed in yellow task status banners in Cumin can potentially contain characters that break XML parsing in a browser during display. - -Consequence - If such a message is printed, the browser will display an error message and no Cumin content will be visible. The simplest way to restore the UI is to restart Cumin, since no links are visible to dismiss the task banner or logout the user. - -Fix - Code has been added to properly escape special characters in the banner messages before display. - -Result - The properly escaped error messages display correctly and functionality is not interrupted.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0045.html
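Review bot: In the added paragraph of the Technical Notes diff, "Cumin had to be restarted to restore the user interface" is stronger than the removed Consequence text, which called a restart "the simplest way to restore the UI" and gave the reason (no links are visible to dismiss the task banner or log out the user). Suggest keeping that qualifier and the reason in the new wording. The removed Result statement, that the escaped messages display correctly and functionality is not interrupted, is also only implied by "thus preventing this bug" and could be stated directly.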
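The failure and the fix described in this bug, as an added example that is not Cumin's own code: the error text from the report is placed into banner markup with and without escaping and checked with a strict XML parser. The banner template and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Error text quoted in the bug report.
MESSAGE = "Hold: Failed (<urlopen error [Errno 111] Connection refused>)"

# Hypothetical banner markup; Cumin's real template is not shown on the page.
BANNER = '<div class="TaskBanner"><span class="status">%s</span></div>'


def render_banner(message, escape_message=True):
    """Return banner markup; by default &, < and > in the message are escaped."""
    text = escape(message) if escape_message else message
    return BANNER % text


def parses_as_xml(markup):
    """True if a strict XML parser accepts the markup (the report describes
    the browser failing XML parsing on the unescaped banner)."""
    try:
        ET.fromstring(markup)
        return True
    except ET.ParseError:
        return False


def displayed_text(markup):
    """Text a well-formed banner shows once the parser has decoded entities."""
    return "".join(ET.fromstring(markup).itertext())


if __name__ == "__main__":
    raw = render_banner(MESSAGE, escape_message=False)
    safe = render_banner(MESSAGE)
    print("unescaped parses:", parses_as_xml(raw))
    print("escaped parses:  ", parses_as_xml(safe))
    print("escaped markup:  ", safe)
    print("text shown:      ", displayed_text(safe))
```

Escaping at the point where the message is written into markup keeps the text the user sees identical to the original error string, which the last line of output confirms.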