[all] Dynamic Zuul results table in Gerrit 3
radoslaw.piliszek at gmail.com
Thu Dec 3 13:52:45 UTC 2020
On Thu, Dec 3, 2020 at 2:38 PM Tristan Cacqueray <tdecacqu at redhat.com> wrote:
> On Thu, Dec 03, 2020 at 10:22 Radosław Piliszek wrote:
> > Hello Fellow OpenStack and OpenDev Folks!
> > TL;DR click on  and enjoy.
> It seems like this script is injecting build details directly using
> the innerHTML attribute without filtering html entities,
> please see the `Security considerations` section of
Yes, it is a generally valid remark but I consider both Gerrit and
Zuul (both of OpenDev) to have the exact same level of trust so did
not modify the approach.
But yes, for anyone trying to learn best practices from this snippet -
please do not, it is far from them. :-)
In general this approach is very wasteful as it causes rebuilding (or
rather rejoining) and reparsing of html, instead of DOM manipulations.
For such a simple table it does not hurt but please do not do it at home.
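
The DOM-manipulation alternative raised in this thread, as an added example that is not part of the original message or of the script it discusses. The build fields (`name`, `result`, `url`), the function names and the sample data are assumptions made for illustration; the table is built with `createElement`/`textContent` so build details are never parsed as HTML, and link targets are limited to http(s).

```javascript
// Added example; field names and sample data are assumptions, not Zuul's API.
const ALLOWED_SCHEMES = new Set(["https:", "http:"]);

// Return a normalized URL if it parses and uses an allowed scheme, else null.
function safeHref(raw) {
  try {
    const u = new URL(raw);
    return ALLOWED_SCHEMES.has(u.protocol) ? u.href : null;
  } catch (e) {
    return null; // relative, missing or malformed values are rejected
  }
}

// Build the results table with DOM calls; `doc` is the page's `document`.
function renderBuildsTable(doc, builds) {
  const table = doc.createElement("table");
  for (const build of builds) {
    const row = doc.createElement("tr");

    const nameCell = doc.createElement("td");
    const href = safeHref(build.url);
    if (href) {
      const link = doc.createElement("a");
      link.setAttribute("href", href);
      link.setAttribute("rel", "noopener noreferrer");
      link.textContent = String(build.name); // stored as text, not markup
      nameCell.appendChild(link);
    } else {
      nameCell.textContent = String(build.name); // no link for rejected URLs
    }

    const resultCell = doc.createElement("td");
    resultCell.textContent = String(build.result);

    row.appendChild(nameCell);
    row.appendChild(resultCell);
    table.appendChild(row);
  }
  return table;
}

// Constructed sample input: the second entry carries markup and a non-http URL.
const SAMPLE_BUILDS = [
  { name: "tox-py38", result: "SUCCESS", url: "https://zuul.example.org/build/1" },
  { name: "<b>not-bold</b>", result: "FAILURE", url: "javascript:void(0)" },
];
```

In a browser, `renderBuildsTable(document, builds)` returns a `<table>` element that can be appended to the page without any string concatenation or reparsing.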