From c248dfb437432b6dac4ba38ff047a863a1a74624 Mon Sep 17 00:00:00 2001
From: Jon Ayers
Date: Thu, 28 May 2026 14:43:07 -0500
Subject: [PATCH] fix: escape agent log HTML (#25808)
---
 .../resources/AgentLogs/AgentLogLine.test.tsx | 23 +++++++++++++++++++
 .../resources/AgentLogs/AgentLogLine.tsx | 2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 site/src/modules/resources/AgentLogs/AgentLogLine.test.tsx
diff --git a/site/src/modules/resources/AgentLogs/AgentLogLine.test.tsx b/site/src/modules/resources/AgentLogs/AgentLogLine.test.tsx
new file mode 100644
index 0000000000..80b1d900b0
--- /dev/null
+++ b/site/src/modules/resources/AgentLogs/AgentLogLine.test.tsx
@@ -0,0 +1,23 @@
+import { screen } from "@testing-library/react";
+import type { Line } from "#/components/Logs/LogLine";
+import { renderComponent } from "#/testHelpers/renderHelpers";
+import { AgentLogLine } from "./AgentLogLine";
+
+const line: Line = {
+ id: 1,
+ level: "info",
+ output: 'safe xss',
+ sourceId: "source-id",
+ time: "2024-03-14T11:31:04.090715Z",
+};
+
+describe("AgentLogLine", () => {
+ it("renders log HTML as escaped text", () => {
+ renderComponent();
+
+ expect(screen.queryByTestId("agent-log-xss")).not.toBeInTheDocument();
+ expect(
+ screen.getByText(/safe xss<\/span>/),
+ ).toBeInTheDocument();
+ });
+});
diff --git a/site/src/modules/resources/AgentLogs/AgentLogLine.tsx b/site/src/modules/resources/AgentLogs/AgentLogLine.tsx
index 2fc68a63c2..d7b3c50dbf 100644
--- a/site/src/modules/resources/AgentLogs/AgentLogLine.tsx
+++ b/site/src/modules/resources/AgentLogs/AgentLogLine.tsx
@@ -5,7 +5,7 @@ import { type Line, LogLine, LogLinePrefix } from "#/components/Logs/LogLine";
 // Approximate height of a log line. Used to control virtualized list height.
 export const AGENT_LOG_LINE_HEIGHT = 20;
-const convert = new AnsiToHTML();
+const convert = new AnsiToHTML({ escapeXML: true });
 interface AgentLogLineProps {
 line: Line;
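Review bot: The new test in AgentLogLine.test.tsx exercises only one markup payload in `output`, so it does not show that ANSI styling still renders once escaping is on, nor that `&` and quote characters come out as text. A second `it(...)` whose `output` combines an ANSI colour sequence with markup, asserting that the styled span is present and the markup appears as literal text, would guard both directions of the change. The `output` literal and the `renderComponent()` argument look truncated on this page, so this reading rests on the assertions at `queryByTestId("agent-log-xss")` and `getByText(...)`.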
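Review bot: The `escapeXML: true` option on the module-level `convert` in AgentLogLine.tsx carries the whole fix but has no comment saying why, so a later cleanup could drop it without noticing the consequence. I would add above it `// Agent log output is untrusted; escapeXML keeps markup in log text from being interpreted as HTML.` The place where the `convert` output is rendered lies outside this hunk. If it is injected as raw HTML there, that call site deserves a matching comment, and any other `new AnsiToHTML()` in the site code should presumably get the same option.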