Werk #15523: ps: HTML escaping for discouraged configuration

Komponente

Checks & agents

Titel

ps: HTML escaping for discouraged configuration

Datum

11.04.2023

Level

Kleine Änderung

Klasse

Bugfix

Kompatibilität

Kompatibel - benötigt kein manuelles Eingreifen

Checkmk versions & editions

2.3.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0b4	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p27	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p35	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

This fixes some display glitches for a very specific setup: Users can configure the plugin "State and Count of Processes" to produce an HTML table in the service details, and additionally configure Checkmk to not escape it (such that it will actually be rendered as a table).

For these setups we now escape the values inside the table cells, in particular (but not exclusively) to fix rendering of strings containing a literal \n, such as F:\nginx.

While this makes these scenarios a little safer along the way, in general plugin output must not be trusted. This is why we normally escape all plugin output, and discourage these configurations.

Zur Liste aller Werks