Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BANNER_MAINTENANCE not allowing HTML #15872

Closed
AnythingOverIP opened this issue Apr 26, 2024 · 2 comments · Fixed by #15885
Closed

BANNER_MAINTENANCE not allowing HTML #15872

AnythingOverIP opened this issue Apr 26, 2024 · 2 comments · Fixed by #15885
Assignees
@arthanson
Labels
severity: low Does not significantly disrupt application functionality, or a workaround is available status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application

Comments

@AnythingOverIP
Copy link

Deployment Type

Self-hosted

NetBox Version

v3.7.6

Python Version

3.8

Steps to Reproduce

Modify configuration.py to enable Maintenance Mode:

# Setting this to True will display a "maintenance mode" banner at the top of every page.
MAINTENANCE_MODE = True
# This adds a banner to the top of every page when maintenance mode is enabled. HTML is allowed
BANNER_MAINTENANCE = 'System maintenance in progress: <b>READ ONLY</b> / Maintenance en cours: <b>LECTURE SEULEMENT</b>'

Expected Behavior

I would expect to have the HTML codes interpreted correctly (part of text above should be in bold).
This works in BANNER_LOGIN and BANNER_FOOTER, but not in BANNER_MAINTENANCE.

image

Observed Behavior

image

(results are similar using <strong>)
@AnythingOverIP AnythingOverIP added status: needs triage This issue is awaiting triage by a maintainer type: bug A confirmed report of unexpected behavior in the application labels Apr 26, 2024
@AnythingOverIP
Copy link
Author

I doubt this be a priority if not reproducible in 4.x... I haven`t had a chance to test with beta.

@jeremystretch
Copy link
Member

It looks like the escape() filter was mistakenly applied to the content of BANNER_MAINTENANCE. We treat all other banner content (top, bottom, and login) as safe, to enable the injection of arbitrary HTML content.

@jeremystretch jeremystretch added status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation severity: low Does not significantly disrupt application functionality, or a workaround is available and removed status: needs triage This issue is awaiting triage by a maintainer labels Apr 29, 2024
@arthanson arthanson self-assigned this Apr 29, 2024
@arthanson arthanson removed the status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation label Apr 29, 2024
@arthanson arthanson mentioned this issue Apr 29, 2024
Merged
@jeremystretch jeremystretch added the status: accepted This issue has been accepted for implementation label Apr 29, 2024
jeremystretch added a commit that referenced this issue Apr 29, 2024
@jeremystretch
Changelog for #14852, #15428, #15524, #15548, #15812, #15845, #15872
693c6e4
@jeremystretch jeremystretch mentioned this issue May 1, 2024
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@arthanson arthanson

Labels
severity: low Does not significantly disrupt application functionality, or a workaround is available status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

15872 don't escape BANNER_MAINTENANCE netbox-community/netbox
4 participants
@arthanson @jeffgdotorg @jeremystretch @AnythingOverIP