LotusGuild/gandalf
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix setDur implicit event, title XSS, hardcoded pulse URL, suppress error toast

Browse Source 
- suppressions.html: setDur() now takes explicit element param instead of relying
  on implicit global event.target (which fails outside direct click handlers)
- suppressions.html: removeSuppression() now shows error toast on failed DELETE
- templates/index.html: escape description in title attribute with |e filter
  to prevent attribute breakout on quotes in description text
- diagnose.py: derive Pulse execution URL from pulse_client.url instead of
  hardcoding http://pulse.lotusguild.org

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-03-13 14:36:55 -04:00
parent f8395dcd24
commit af26407363
3 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
diagnose.py
View File

@@ -108,7 +108,8 @@ class DiagnosticsRunner:
pulse_url = None pulse_url = None
if execution_id: if execution_id:
pulse_url = f'http://pulse.lotusguild.org/executions/{execution_id}' base = getattr(self.pulse, 'url', '').rstrip('/')
pulse_url = f'{base}/executions/{execution_id}' if base else None
return { return {
'status': 'done', 'status': 'done',

2
templates/index.html
View File

@@ -214,7 +214,7 @@
<td>{{ e.event_type | replace('_', ' ') }}</td> <td>{{ e.event_type | replace('_', ' ') }}</td>
<td><strong>{{ e.target_name }}</strong></td> <td><strong>{{ e.target_name }}</strong></td>
<td>{{ e.target_detail or '' }}</td> <td>{{ e.target_detail or '' }}</td>
<td class="desc-cell" title="{{ e.description }}">{{ e.description | truncate(60) }}</td> <td class="desc-cell" title="{{ e.description | e }}">{{ e.description | truncate(60) }}</td>
<td class="ts-cell">{{ e.first_seen }}</td> <td class="ts-cell">{{ e.first_seen }}</td>
<td>{{ e.consecutive_failures }}</td> <td>{{ e.consecutive_failures }}</td>
<td> <td>

6
templates/suppressions.html
View File

@@ -180,10 +180,10 @@
document.getElementById('s-name').required = (t!=='all'); document.getElementById('s-name').required = (t!=='all');
} }
function setDur(mins) { function setDur(mins, el) {
document.getElementById('s-expires').value = mins || ''; document.getElementById('s-expires').value = mins || '';
document.querySelectorAll('.duration-pills .pill').forEach(p => p.classList.remove('active')); document.querySelectorAll('.duration-pills .pill').forEach(p => p.classList.remove('active'));
event.target.classList.add('active'); if (el) el.classList.add('active');
const hint = document.getElementById('s-dur-hint'); const hint = document.getElementById('s-dur-hint');
if (mins) { if (mins) {
const h = Math.floor(mins/60), m = mins%60; const h = Math.floor(mins/60), m = mins%60;
@@ -224,6 +224,8 @@
if (data.success) { if (data.success) {
document.getElementById(`sup-row-${id}`)?.remove(); document.getElementById(`sup-row-${id}`)?.remove();
showToast('Suppression removed', 'success'); showToast('Suppression removed', 'success');
} else {
showToast(data.error || 'Failed to remove suppression', 'error');
} }
} }
</script> </script>