#5228 Can't load Fedora APAC meeting logs
Closed: Fixed None Opened 8 years ago by woohuiren.

= bug description =

Fedora APAC meeting logs cannot be loaded [1].

= bug analysis =

Meetbot provided URL to the meeting log but the URL is broken or something. Even when navigating and viewing it by date, and then clicking the URL on the website, it still does not load [2].

= fix recommendation =

Make it load.

[1] - https://meetbot.fedoraproject.org/fedora-meeting/2016-04-01/apac_ambassador_meeting.2016-04-01-05.02.log.html

[2] - https://meetbot.fedoraproject.org/fedora-meeting/2016-04-01


This appears to be because the meeting name has a ' in it and the frontend isn't handling that correctly.

Until we fix things up, you can reach the logs at:

https://meetbot-raw.fedoraproject.org/fedora-meeting/2016-04-01/apac_ambassador's_meeting.2016-04-01-05.02.html

I believe nirik is right. It looks like the ' symbol is getting escaped by Jinja and prevents the correct link from being parsed.

We could allow the ' symbol and escape the rest of the symbols, but XSS becomes an issue. If ' is a valid symbol in MeetBot URLs, then what about symbols such as "'()<>? If we allow those as well, it opens us to even more potential XSS attacks.

We could potentially send the links as htmlentities, but convert them back on the server side. Does that open us to any potential attacks? That method seems much safer.
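An added example (not part of the ticket and not code from mote) of the trade-off raised in the comment above: percent-encode the log name for the URL path, then HTML-escape it for the attribute, so that ' and the other symbols listed stay usable in names without reaching the markup unescaped. The function names and the second sample name are constructed for illustration, and the fix in the linked commit may work differently.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, unquote

def log_link(channel, date, filename):
    """Return an <a> element for a meeting log; filename may hold ' " ( ) < >."""
    # URL context first: percent-encode every path segment (safe="" also encodes "/").
    path = "/" + "/".join(quote(part, safe="") for part in (channel, date, filename))
    # HTML context second: escape for a double-quoted attribute and for element text.
    return '<a href="{}">{}</a>'.format(escape(path, quote=True), escape(filename, quote=True))

class _LinkParser(HTMLParser):
    """Collects start tags and href values the way an HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.tags, self.hrefs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.hrefs.extend(value for name, value in attrs if name == "href")

def parse_link(markup):
    """Return (start tags, href values) found in markup."""
    parser = _LinkParser()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.hrefs

def served_filename(request_path):
    """What the server recovers from the last path segment after percent-decoding."""
    return unquote(request_path.rsplit("/", 1)[-1])

# The log name from the ticket, and a constructed name using the symbols from the comment.
TICKET_NAME = "apac_ambassador's_meeting.2016-04-01-05.02.html"
HOSTILE_NAME = "q3\"'()<>_meeting.log.html"  # constructed sample

if __name__ == "__main__":
    for name in (TICKET_NAME, HOSTILE_NAME):
        markup = log_link("fedora-meeting", "2016-04-01", name)
        tags, hrefs = parse_link(markup)
        print(markup)
        print("  tags:", tags, "| round trip ok:", served_filename(hrefs[0]) == name)
```

The percent-decoding on the server side is the only "convert back" step needed; the HTML entities in the attribute are decoded by the HTML parser before the request is made.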

Replying to [comment:3 cydrobolt]:

Fixed in https://github.com/fedora-infra/mote/commit/10f6ad97ddedc1b8ab5be2da6e795fed7063c396 upstream

Hello Cydrobolt, thanks for committing the fix to upstream.

ok. Shall we roll this version out in staging and then production?

Deployed as part of 0.5.2
