On Thu, Dec 03, 2020 at 10:22 Radosław Piliszek wrote:
Hello Fellow OpenStack and OpenDev Folks!
TL;DR click on [3] and enjoy.
Hello It seems like this script is injecting build details directly using the innerHTML attribute without filtering html entities, please see the `Security considerations` section of https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML -Tristan
I am starting this thread to not hijack the discussion happening on [1].
First of all, I would like to thank gibi (Balazs Gibizer) for hacking a way to get the place to render the table in the first place (pun intended).
I have been a long-time-now user of [2]. I have improved and customised it for myself but never really got to share back the changes I made. The new Gerrit obviously broke the whole script so it was of no use to share at that particular state. However, inspired by gibi's work, I decided to finally sit down and fix it to work with Gerrit 3 and here it comes: [3]. Works well on Chrome with Tampermonkey. Not tested others.
I hope you will enjoy this little helper (I do).
I know the script looks super fugly but it generally boils down to a mix of styles of 3 people and Gerrit having funky UI rendering.
Finally, I'd also like to thank hrw (Marcin Juszkiewicz) for linking me to the original Michel's script in 2019.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-November/019051.... [2] https://opendev.org/x/coats/src/commit/444c95738677593dcfed0cfd9667d4c4f0d59... [3] https://gist.github.com/yoctozepto/7ea1271c299d143388b7c1b1802ee75e
Kind regards, -yoctozepto