[04:30] <wgrant> StevenK: ಠ_ಠ
[04:32] <StevenK> Unicode failure
[04:32] <StevenK> But I can guess the intent
[04:33] <wgrant> 1) Fix your IRC/terminal configuration to be less broken when receiving Unicode
[04:33] <wgrant> 2) Fix your MP :)
[04:33] <StevenK> [14:33] -!- Irssi: Uptime: 99d 4h 39m 41s
[04:34] <StevenK> irssi/screen loses its mind after about 40 days WRT Unicode
[04:34] <wgrant> A likely story.
[04:34] <StevenK> wgrant: Fix my MP how?
[04:35] <wgrant> ಠ_ಠ
[04:37] <StevenK> wgrant: I seem to be missing my mind reading device. Secondly, did you manage to actually break the new auditor stack or did you get fully distracted by buildd-manager?
[04:38] <wgrant> I only ಠ_ಠ without elaboration in a very restricted set of circumstances
[04:38] <wgrant> I'd examine your diff for obvious security vulnerabilities.
[04:40] <StevenK> wgrant: I can think of two. person may not be a JSON blob of a IPerson, and we should escape the comment
[04:40] <wgrant> + suffix = '-' + person.name;
[04:40] <wgrant> + '<a href="' + person.web_link + '">' + person.display_name +
[04:40] <wgrant> + ' (' + person.name + ')</a>');
[04:40] <wgrant> + header = "Comment by " + personlink + " on " + date + ".";
[04:40] <wgrant> + '<tr id="ict-' + middle + '-header" class="ict-header">' +
[04:40] <wgrant> + '<div id="inlinecomment-' + middle + '">' +
[04:40] <wgrant> + '<tr id="ict-' + middle + '"><td></td><td>' +
[04:41] <wgrant> + '<span>' + comment + '</span></td></tr>');
[04:41] <wgrant> At a quick glance.
[04:43] <StevenK> I wasn't aware of a person formatter available to JS
[04:43] <wgrant> There probably isn't one.
[04:43] <wgrant> But the lack of one does not excuse multiple trivial XSS vulnerabilities.
[04:44] <wgrant> Though existing code such as +sharing and the bug subscription widget generate person links somehow.
[08:01] <wgrant> StevenK: https://code.launchpad.net/~wgrant/launchpad/bug-1221002/+merge/184030 might make SlaveScanner.scan() a bit more understandable.
[08:01] <wgrant> And even less inconsistent :)
[08:02] <wgrant> checkCancellation is still sick and wrong, but that's for another branch
[08:05] <wgrant> I suspect I'll need to add a cancellation flag to BuildQueue
[08:05] <wgrant> It's currently all rather messy, as the top level buildd-manager code knows about build.status.
[08:44] <StevenK> wgrant: Sorry, I'll look tomorrow morning.
[08:46] <wgrant> StevenK: Sure, no rush