diff --git a/lib/sidekiq/web/action.rb b/lib/sidekiq/web/action.rb
index 31f6acd2..0ce6f655 100644
--- a/lib/sidekiq/web/action.rb
+++ b/lib/sidekiq/web/action.rb
@@ -15,7 +15,7 @@ module Sidekiq
     end
     def halt(res)
-      throw :halt, res
+      throw :halt, [res, {"Content-Type" => "text/plain"}, [res.to_s]]
     end
     def redirect(location)
diff --git a/lib/sidekiq/web/application.rb b/lib/sidekiq/web/application.rb
index 37b610f6..1d2f2372 100644
--- a/lib/sidekiq/web/application.rb
+++ b/lib/sidekiq/web/application.rb
@@ -82,10 +82,12 @@ module Sidekiq
       erb(:queues)
     end
+    QUEUE_NAME = /\A[a-z_:.\-0-9]+\z/i
+
     get "/queues/:name" do
       @name = route_params[:name]
-      halt(404) unless @name
+      halt(404) if !@name || @name !~ QUEUE_NAME
       @count = (params["count"] || 25).to_i
       @queue = Sidekiq::Queue.new(@name)
diff --git a/test/test_web.rb b/test/test_web.rb
index dbd1883c..cb8b88be 100644
--- a/test/test_web.rb
+++ b/test/test_web.rb
@@ -124,6 +124,13 @@ describe Sidekiq::Web do
   end
   it 'handles queue view' do
+    get '/queues/onmouseover=alert()'
+    assert_equal 404, last_response.status
+    get '/queues/foo_bar:123-wow.'
+    assert_equal 200, last_response.status
+    assert_match(/foo_bar:123-wow\./, last_response.body)
+
     get '/queues/default'
     assert_equal 200, last_response.status
   end
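Review bot: `halt(res)` now uses `res` both as the Rack status and, via `res.to_s`, as the body, yet nothing documents that `res` must be an Integer status; a caller passing a message string would produce an invalid status with no error at this line. Suggest a header comment on the method: `# Abort the current action with a bare text/plain response; res is the HTTP status (Integer) and is also rendered as the body.` The explicit `"Content-Type" => "text/plain"` is what keeps that body from being interpreted as markup, which is worth stating in the same comment so it is not "simplified" away later. The enclosing class and the code that catches `:halt` and must now accept a triple are outside the hunk, so the receiving side cannot be checked here.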
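Review bot: The new guard `halt(404) if !@name || @name !~ QUEUE_NAME` reads more directly, and avoids allocating a MatchData, as `halt(404) unless @name&.match?(QUEUE_NAME)`, assuming the supported Ruby provides safe navigation and `match?`. The allow-list with `\A`/`\z` anchors is the right shape for this check, but a name that passes it is still request-controlled text, so wherever the view prints `@name` it must still be HTML-escaped; this validation is defence in depth, not a substitute for output escaping. If any other route reads `route_params[:name]` as a queue name, it should reuse `QUEUE_NAME` rather than carry its own check, so the two cannot drift. The `get "/queues/:name"` block continues past the end of the hunk.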
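Review bot: The negative case asserts only the 404 status, but the property this change protects is that the rejected name is not reflected into the response, so it should also assert on the body: `refute_match(/onmouseover/, last_response.body)` right after `assert_equal 404, last_response.status`. Without it, a later regression that rendered the 404 body from the request path would still pass this test. The positive case exercising every allowed punctuation class (`_`, `:`, `-`, `.`) in one name is a good guard against the regex being tightened by accident.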