Stop HTML escaping errors for /stats/requests endpoint #2710
Conversation
Fixes #2674, at least the most annoying part of it.
|
@andrewbaldwin44 What do you think about this? I see no reason for the endpoint to return html-escaped strings (inside a json document!) - that is more appropriately handled by the front end. HTML tags are already handled correctly, but it is a bit weird that things like |
cyberw
force-pushed
the
stop-escaping-errors-for-requests-endpoint
branch
from
18048df
to
6fb7444
Compare
|
Weird, I thought for sure I had fixed this. Escaping on the server is likely meant as a security consideration, to prevent injection or XSS (probably not the biggest concern considering Locust is usually deployed within a VPC). It looks like the legacy UI would evaluate the error and name so that is most likely the reason for this, but since we no longer have the legacy UI this is no longer necessary (we never evaluate HTML in the new frontend). There was a fix to HTML escaping I applied for the failures table, it would no longer be needed after this patch so I can remove it in another PR |
cyberw
changed the title
cyberw
changed the title
cyberw
changed the title
Fixes #2674, at least the most annoying part of it (things like
'are now returned and most importantly displayed as "'" instead of "'")