Locust: URL names in dashboard are not HTML escaped
URL names (for stats) are not HTML-escaped in the dashboard. This makes names with angle brackets disappear. For example:
self.client.get(url, name='/some-resource/upload/<uuid>')
would show up as /some-resource/upload/ instead of /some-resource/upload/<uuid> which is confusing. There could be some XSS security concerns here as well.
kumar303
All 12 comments
Closing due to lack of activity. Let me know if this is still an issue.
cyberw
on 18 Oct 2019
I just tested this. It's still an issue, and I think we should fix it.
heyman
on 21 Oct 2019
Can I take it?
peterdemin
on 23 Oct 2019
@peterdemin By all means!
cyberw
on 23 Oct 2019
Alright, where do I start? I'm experienced with Python, but new to Locust.
peterdemin
on 23 Oct 2019
Uhm, if you've never used locust then you would need to start using it first, enough that you can at least reproduce the error.
I'm not even sure where the fix should be applied. Maybe in request_stats() in web.py, on line 111.
cyberw
on 23 Oct 2019
I'm using locust here and there for a few years already :-) Thanks for the guidance.
peterdemin
on 23 Oct 2019
Cool, I was confused and thought maybe the hacktoberfest tag had attracted some kind of "drive by contributors" who didnt know what Locust was even for :P
cyberw
on 23 Oct 2019
No, I just felt the urge to contribute back to the project I enjoy and used the Hacktoberfest label to filter low-hanging fruits.
peterdemin
on 23 Oct 2019
Fixed in #1119
peterdemin
on 23 Oct 2019
This can be closed, I believe.
peterdemin
on 24 Oct 2019
Thx!
cyberw
on 24 Oct 2019
Related issues
styk-tv
路
3Comments
meeech
路
4Comments
bgenchel
路
3Comments
kowalcj0
路
3Comments
wosc
路
3Comments
Most helpful comment
No, I just felt the urge to contribute back to the project I enjoy and used the Hacktoberfest label to filter low-hanging fruits.