Werk #15523: ps: HTML escaping for discouraged configuration

Component Checks & agents
Title ps: HTML escaping for discouraged configuration
Date Apr 11, 2023
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.3.0b1
Not yet released
Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0b4 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p27 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p35 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

This fixes some display glitches for a very specific setup: Users can configure the plugin "State and Count of Processes" to produce an HTML table in the service details, and additionally configure Checkmk to not escape it (such that it will actually be rendered as a table).

For these setups we now escape the values inside the table cells, in particular (but not exclusively) to fix rendering of strings containing a literal \n, such as F:\nginx.

While this makes these scenarios a little safer along the way, in general plugin output must not be trusted. This is why we normally escape all plugin output, and discourage these configurations.

To the list of all Werks