On Thu, Dec 03, 2020 at 10:22 Radosław Piliszek wrote:
> Hello Fellow OpenStack and OpenDev Folks!
>
> TL;DR click on [3] and enjoy.
>

Hello

It seems like this script is injecting build details directly using the innerHTML attribute without filtering HTML entities; please see the `Security considerations` section of https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML

-Tristan

> I am starting this thread to not hijack the discussion happening on [1].
>
> First of all, I would like to thank gibi (Balazs Gibizer) for hacking
> a way to get the place to render the table in the first place (pun
> intended).
>
> I have been a long-time-now user of [2].
> I have improved and customised it for myself but never really got to
> share back the changes I made.
> The new Gerrit obviously broke the whole script so it was of no use to
> share at that particular state.
> However, inspired by gibi's work, I decided to finally sit down and
> fix it to work with Gerrit 3 and here it comes: [3].
> Works well on Chrome with Tampermonkey. Not tested others.
>
> I hope you will enjoy this little helper (I do).
>
> I know the script looks super fugly but it generally boils down to a
> mix of styles of 3 people and Gerrit having funky UI rendering.
>
> Finally, I'd also like to thank hrw (Marcin Juszkiewicz) for linking
> me to the original Michel's script in 2019.
>
> [1] http://lists.openstack.org/pipermail/openstack-discuss/2020-November/019051.html
> [2] https://opendev.org/x/coats/src/commit/444c95738677593dcfed0cfd9667d4c4f0d596a3/coats/openstack_gerrit_zuul_status.user.js
> [3] https://gist.github.com/yoctozepto/7ea1271c299d143388b7c1b1802ee75e
>
> Kind regards,
> -yoctozepto
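
The concern raised in the reply above, shown as an added example that is not part of the original thread and is not code from the script in [3]. The function names, the build fields (name, result, url) and the sample values are assumptions made for illustration; it contrasts concatenating remote fields into markup meant for innerHTML with escaping them, and with building the row through DOM nodes and textContent.

```javascript
// Added illustration, not the userscript's code. Build fields are hypothetical.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Escaping alone does not vet a link target: allow only http(s) URLs.
function safeHref(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'https:' || u.protocol === 'http:' ? u.href : '#';
  } catch (e) {
    return '#'; // unparsable or relative value
  }
}

// Pattern the reply warns about: fields fetched from a remote API are
// concatenated into a string that is later assigned to element.innerHTML.
function rowUnsafe(build) {
  return '<tr><td><a href="' + build.url + '">' + build.name +
         '</a></td><td>' + build.result + '</td></tr>';
}

// Same markup with every field escaped and the link target checked.
function rowEscaped(build) {
  return '<tr><td><a href="' + escapeHtml(safeHref(build.url)) + '">' +
         escapeHtml(build.name) + '</a></td><td>' +
         escapeHtml(build.result) + '</td></tr>';
}

// Avoiding innerHTML altogether: textContent is stored as text and never
// parsed as markup. `doc` is the page's Document (window.document).
function rowDom(doc, build) {
  const tr = doc.createElement('tr');
  const nameCell = doc.createElement('td');
  const link = doc.createElement('a');
  link.href = safeHref(build.url);
  link.textContent = build.name;
  nameCell.appendChild(link);
  const resultCell = doc.createElement('td');
  resultCell.textContent = build.result;
  tr.appendChild(nameCell);
  tr.appendChild(resultCell);
  return tr;
}
```
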