Werk #15523: ps: HTML escaping for discouraged configuration

Component Checks & agents
Title ps: HTML escaping for discouraged configuration
Date Apr 11, 2023
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.0.0p35 2.1.0p27 2.2.0b4 2.3.0b1
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed

This fixes some display glitches for a very specific setup: Users can configure the plugin "State and Count of Processes" to produce an HTML table in the service details, and additionally configure Checkmk to not escape it (such that it will actually be rendered as a table).

For these setups we now escape the values inside the table cells, in particular (but not exclusively) to fix rendering of strings containing a literal \n, such as F:\nginx.

While this makes these scenarios a little safer along the way, in general plugin output must not be trusted. This is why we normally escape all plugin output, and discourage these configurations.

To the list of all Werks