diff --git a/ci/helm-chart/values.yaml b/ci/helm-chart/values.yaml
index 36a0457ec25f..d893389a3816 100644
--- a/ci/helm-chart/values.yaml
+++ b/ci/helm-chart/values.yaml
@@ -28,14 +28,6 @@ podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
-securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
service:
type: ClusterIP
port: 8080
@@ -127,10 +119,6 @@ persistence:
# existingClaim: ""
# hostPath: /data
-serviceAccount:
- create: true
- name:
-
## Enable an Specify container in extraContainers.
## This is meant to allow adding code-server dependencies, like docker-dind.
extraContainers: |
diff --git a/docs/README.md b/docs/README.md
index da68fcc5b320..58e00397e9d1 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -14,6 +14,9 @@ access it in the browser.
- Preserve battery life when you're on the go; all intensive tasks run on your
server
+| 🔔 code-server is a free browser-based IDE while [Coder](https://coder.com/), is our enterprise developer workspace platform. For more information, visit [Coder.com](https://coder.com/docs/comparison)
+| ---
+
## Requirements
See [requirements](requirements.md) for minimum specs, as well as instructions
diff --git a/package.json b/package.json
index d8a5fd891679..2ed79453d9ae 100644
--- a/package.json
+++ b/package.json
@@ -94,7 +94,7 @@
"proxy-agent": "^5.0.0",
"proxy-from-env": "^1.1.0",
"qs": "6.10.1",
- "rotating-file-stream": "^2.1.1",
+ "rotating-file-stream": "^3.0.0",
"safe-buffer": "^5.1.1",
"safe-compare": "^1.1.4",
"semver": "^7.1.3",
diff --git a/src/node/routes/errors.ts b/src/node/routes/errors.ts
index 783cf25ce31a..32e8ab5320b1 100644
--- a/src/node/routes/errors.ts
+++ b/src/node/routes/errors.ts
@@ -6,7 +6,7 @@ import { WebsocketRequest } from "../../../typings/pluginapi"
import { HttpCode } from "../../common/http"
import { rootPath } from "../constants"
import { replaceTemplates } from "../http"
-import { getMediaMime } from "../util"
+import { escapeHtml, getMediaMime } from "../util"
const notFoundCodes = ["ENOENT", "EISDIR"]
export const errorHandler: express.ErrorRequestHandler = async (err, req, res, next) => {
@@ -29,7 +29,7 @@ export const errorHandler: express.ErrorRequestHandler = async (err, req, res, n
replaceTemplates(req, content)
.replace(/{{ERROR_TITLE}}/g, status)
.replace(/{{ERROR_HEADER}}/g, status)
- .replace(/{{ERROR_BODY}}/g, err.message),
+ .replace(/{{ERROR_BODY}}/g, escapeHtml(err.message)),
)
} else {
res.json({
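Review bot: In the `res.send(...)` chain, `status` is still substituted unescaped into `{{ERROR_TITLE}}` and `{{ERROR_HEADER}}`; only `err.message` goes through `escapeHtml`. `status` is assigned outside this hunk, so this may be harmless. If it can carry a non-numeric value taken from the error object, it should get the same treatment, e.g. `.replace(/{{ERROR_TITLE}}/g, escapeHtml(String(status)))`, and likewise for the header. Separately, a string replacement argument still expands `$&` and `$'` patterns, so unless `escapeHtml` also neutralises `$`, a message containing them would pull template text into the body; passing a function, `.replace(/{{ERROR_BODY}}/g, () => escapeHtml(err.message))`, avoids that. The body of `errorHandler` starts and ends outside the hunk.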
diff --git a/test/unit/node/routes/errors.test.ts b/test/unit/node/routes/errors.test.ts
new file mode 100644
index 000000000000..ffa8f479111c
--- /dev/null
+++ b/test/unit/node/routes/errors.test.ts
@@ -0,0 +1,35 @@
+import express from "express"
+import { errorHandler } from "../../../../src/node/routes/errors"
+
+describe("error page is rendered for text/html requests", () => {
+ it("escapes any html in the error messages", async () => {
+ const next = jest.fn()
+ const err = {
+ code: "ENOENT",
+ statusCode: 404,
+ message: ";>hello",
+ }
+ const req = createRequest()
+ const res = {
+ status: jest.fn().mockReturnValue(this),
+ send: jest.fn().mockReturnValue(this),
+ set: jest.fn().mockReturnValue(this),
+ } as unknown as express.Response
+
+ await errorHandler(err, req, res, next)
+ expect(res.status).toHaveBeenCalledWith(404)
+ expect(res.send).toHaveBeenCalledWith(expect.not.stringContaining("