Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[3.49.15] drf browser showing html tags for url-like fields #5708

Closed
jctanner opened this issue Aug 13, 2024 · 5 comments
Closed

[3.49.15] drf browser showing html tags for url-like fields #5708

jctanner opened this issue Aug 13, 2024 · 5 comments
Labels
Issue Triage-Needed

Comments

@jctanner
Copy link
Contributor

Version

    "galaxy_ng_version": "4.10.0dev",
    "galaxy_ng_commit": "",
    "galaxy_importer_version": "0.4.24",
    "pulp_core_version": "3.49.15",
    "pulp_ansible_version": "0.21.7",
    "pulp_container_version": "2.19.3",
    "ansible_base_version": "1.0.0",

Describe the bug
In the DRF browseable rest api fields with values that resemble urls or email addresses are being rendered as html "a" tags.

"CONTENT_ORIGIN": "<a href="https://dev-aap.gcp.testing.ansible.com:443" rel="nofollow">https://dev-aap.gcp.testing.ansible.com:443</a>"
"email": "<a href="mailto:[email protected]">[email protected]</a>"

The fields are rendered normally with curl, so the "accepts" header is probably controlling this inadvertent templating.

To Reproduce
Spin up galaxy_ng from the master branch and open <prefix>_ui/v1/settings/ or <prefix>/_ui/v2/users/ in a browser window.

Expected behavior
Ideally, all fields returned by serializers return the same value+type whether it's via curl or a browser.

Additional context
https://issues.redhat.com/browse/AAH-3363
@mdellweg
Copy link
Member

Are the links clickable in the Browser? That would be the expected result.

@mdellweg
Copy link
Member

Can you tell curl to request the content type text/html? What would the result look like?

@jctanner
Copy link
Contributor Author

jctanner commented Aug 27, 2024
edited
Loading

The links are not clickable ...

image

$ curl -H 'Accept: text/html' -s -u admin:admin http://localhost:55001/api/galaxy/_ui/v1/settings/  | grep CONTENT
    &quot;GALAXY_REQUIRE_CONTENT_APPROVAL&quot;: true,
    &quot;ANSIBLE_CONTENT_HOSTNAME&quot;: &quot;&lt;a href=&quot;http://localhost:55001/pulp/content&quot; rel=&quot;nofollow&quot;&gt;http://localhost:55001/pulp/content&lt;/a&gt;&quot;,
    &quot;CONTENT_ORIGIN&quot;: &quot;&lt;a href=&quot;http://localhost:55001&quot; rel=&quot;nofollow&quot;&gt;http://localhost:55001&lt;/a&gt;&quot;,

$ curl -H 'Accept: application/json' -s -u admin:admin http://localhost:55001/api/galaxy/_ui/v1/settings/  | jq . | grep CONTENT
  "GALAXY_REQUIRE_CONTENT_APPROVAL": true,
  "ANSIBLE_CONTENT_HOSTNAME": "http://localhost:55001/pulp/content",
  "CONTENT_ORIGIN": "http://localhost:55001",

@ggainey
Copy link
Contributor

ggainey commented Aug 27, 2024

The <prefix>_ui/v1/settings/ or <prefix>/_ui/v2/users/ examples aren't (near as I can tell) Pulp-rendered. Assuming this is happening in the /pulp/api/v3/ calls, it's likely that we just need to backport the fix for #5664 to 3.49. In progress, see #5736.

@mdellweg
Copy link
Member

#5736

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue Triage-Needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jctanner @ggainey @mdellweg