netbox icon indicating copy to clipboard operation
netbox copied to clipboard

Published 20 hours ago verified publisher icon netbox-community

BANNER_MAINTENANCE not allowing HTML

Open thefreakquency opened this issue 3 months ago • 1 comments

Deployment Type

Self-hosted

NetBox Version

v3.7.6

Python Version

3.8

Steps to Reproduce

Modify configuration.py to enable Maintenance Mode:

# Setting this to True will display a "maintenance mode" banner at the top of every page.
MAINTENANCE_MODE = True
# This adds a banner to the top of every page when maintenance mode is enabled. HTML is allowed
BANNER_MAINTENANCE = 'System maintenance in progress: <b>READ ONLY</b> / Maintenance en cours: <b>LECTURE SEULEMENT</b>'

Expected Behavior

I would expect to have the HTML codes interpreted correctly (part of text above should be in bold). This works in BANNER_LOGIN and BANNER_FOOTER, but not in BANNER_MAINTENANCE.

image

Observed Behavior

image

(results are similar using <strong>)

thefreakquency avatar Apr 26 '24 20:04 thefreakquency

I doubt this be a priority if not reproducible in 4.x... I haven`t had a chance to test with beta.

thefreakquency avatar Apr 26 '24 20:04 thefreakquency

It looks like the escape() filter was mistakenly applied to the content of BANNER_MAINTENANCE. We treat all other banner content (top, bottom, and login) as safe, to enable the injection of arbitrary HTML content.

jeremystretch avatar Apr 29 '24 13:04 jeremystretch