Werk #15523: ps: HTML escaping for discouraged configuration
Component | Checks & agents | ||||||||||
Title | ps: HTML escaping for discouraged configuration | ||||||||||
Date | Apr 11, 2023 | ||||||||||
Level | Trivial Change | ||||||||||
Class | Bug Fix | ||||||||||
Compatibility | Compatible - no manual interaction needed | ||||||||||
Checkmk versions & editions |
|
This fixes some display glitches for a very specific setup: Users can configure the plugin "State and Count of Processes" to produce an HTML table in the service details, and additionally configure Checkmk to not escape it (such that it will actually be rendered as a table).
For these setups we now escape the values inside the table cells, in particular (but not exclusively) to fix rendering of strings containing a literal \n, such as F:\nginx.
While this makes these scenarios a little safer along the way, in general plugin output must not be trusted. This is why we normally escape all plugin output, and discourage these configurations.