[Pkg-nagios-devel] Bug#474967: URL in plugins output converted to html entity

[Lubomir Molent]

Hello,

screenshot of nagios before upgrade is in attachement. Plugin is
returning text <a
href="http://sad.intranet.orange.sk/oracle/alerts.php?host=vasapp_smsccdb9&dbname=smsccdb9" target="_blank">Check alerts.</a>

After upgrade text is in nagios web interface displayed as is returned
from plugin so link isn't clickable.

We are traying native nagios plugin
"urlize" (/usr/lib/nagios/plugins/urlize) but output of this plugin is
too converted to html entity so url is displayed as plain text and isn't
converted by web browser to clickable link.

Best regards

LM


On Sun, 2008-04-27 at 15:59 +0200, Marc Haber wrote:
> On Tue, Apr 08, 2008 at 10:28:10AM +0200, MOLENT Lubomir OSK wrote:
> > After upgrade to nagios2 version 2.11-1~bpo40+1 output of plugins is
> > converted to html entity (for example: < is printed as &lt) so url is
> > not clickable but displayed as plain text (<a href=...)
> 
> Can you give an example of a plugin giving HTML output?
> 
> I guess that this was never intended to work since it might offer a
> possibility to inject malicous javascript into nagios' web frontend.
> 
> Greetings
> Marc
> 
-- 
Lubomir Molent <lubomir.molent at orange.sk>
Orange Slovakia a.s.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nagios.png
Type: image/png
Size: 142141 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20080515/bc0e8602/attachment.png