guan404ming commented on code in PR #54166:
URL: https://github.com/apache/airflow/pull/54166#discussion_r2263409441
##########
providers/standard/src/airflow/providers/standard/example_dags/example_hitl_operator.py:
##########
@@ -125,10 +125,11 @@ def notify(self, context: Context) -> None:
task_id="valid_input_and_options",
subject="Are the following input and options valid?",
body="""
- Input: {{
ti.xcom_pull(task_ids='wait_for_input')["params_input"]["information"] }}
- Option: {{ ti.xcom_pull(task_ids='wait_for_option')["chosen_options"]
}}
- Multiple Options: {{
ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
- Timeout Option: {{
ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
+**Collected Information**
+- Input: {{
ti.xcom_pull(task_ids='wait_for_input')["params_input"]["information"] }}
+- Option: {{ ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
+- Multiple Options: {{
ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
+- Timeout Option: {{
ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
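Review bot: the three option lines in the new body all pull `chosen_options` from the same task, `wait_for_option`, so "Option", "Multiple Options" and "Timeout Option" will render the identical value; if the last two are meant to show results of other tasks, point their `task_ids` at those tasks. Separately, every interpolated XCom value ends up in a body the UI renders as markdown, so the example depends entirely on the renderer's sanitization for whatever an upstream task or the person answering `wait_for_input` puts into `information` or `chosen_options`; a short comment in the example marking these values as untrusted would make that dependency visible to people who copy the snippet.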
Review Comment:
```py
# Imports added so the fragment resolves its names; they are not part of the
# original snippet. ApprovalOperator lives in the standard provider's hitl module.
import datetime

from airflow.providers.standard.operators.hitl import ApprovalOperator

# [START howto_hitl_approval_operator]
valid_input_and_options = ApprovalOperator(
    task_id="valid_input_and_options",
    subject="Are the following input and options valid?",
    body="""
* Input: {{ task_instance.xcom_pull(task_ids='wait_for_input', key='return_value')["params_input"]["information"] }}
* Option: {{ task_instance.xcom_pull(task_ids='wait_for_option', key='return_value')["chosen_options"] }}
## Markdown XSS Tests
### Link-based attacks (pure markdown syntax):
[Click me](javascript:alert('XSS'))
[Another link](data:text/html,<script>alert('XSS')</script>)
[Vbscript](vbscript:msgbox("XSS"))
### Image-based attacks:
)
>)
### Reference-style links:
[click here][1]
[1]: javascript:alert('XSS')
### Protocol manipulation:
[link](JAVASCRIPT:alert('XSS'))
[link](JaVaScRiPt:alert('XSS'))
[link](javascript:alert('XSS'))
### Data URIs:
[click](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=)
""",
    defaults="Reject",
    execution_timeout=datetime.timedelta(minutes=1),
)
# [END howto_hitl_approval_operator]
```
![image](https://github.com/user-attachments/assets/27fe973b-9849-42c7-8905-6f8979960216)
From my manual tests and diagnosis, `react-markdown` does sanitize the
content — it blocks raw HTML, filters dangerous protocols like javascript: and
data: and handles other safety checks. It’s worth noting that these protections
filter for XSS before and after Markdown has processed any input.
I acknowledge this is still a potential security issue since we rely on
third-party libraries’ security measures, and new vulnerabilities could appear
in the future. If we decide to remove markdown support, multiple features that
currently rely on it would also need to be removed, which I think would be a
pity. I’d like to hear the community’s thoughts on this, and I’m happy to
follow whatever decision the community makes!
cc @pierrejeambrun @jscheffl
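As an added example that is not part of the comment above, the PR, or react-markdown's code: a destination-scheme allowlist of the kind the comment describes the renderer applying, run over the comment's own test strings. The allowed scheme set and the two simplified markdown regexes are assumptions for illustration, not the library's configuration or parser.

```javascript
// Added example, not code from the PR or from react-markdown: a scheme
// allowlist for markdown link and image destinations, which is the kind of
// check the comment above relies on the renderer to perform.
const SAFE_SCHEMES = new Set(["http", "https", "mailto"]); // assumed allowlist

// Return dest unchanged if it is relative or uses an allowed scheme; otherwise
// return "" so the rendered link or image carries no destination at all.
function sanitizeUrl(dest) {
  const colon = dest.indexOf(":");
  if (colon === -1) return dest; // no scheme: relative path or fragment
  // A colon that appears after '/', '?' or '#' is part of the path or query
  // (e.g. "/dags?run=a:b"), not a scheme separator.
  for (const sep of ["/", "?", "#"]) {
    const i = dest.indexOf(sep);
    if (i !== -1 && i < colon) return dest;
  }
  // Compare case-insensitively so JaVaScRiPt: is treated like javascript:.
  return SAFE_SCHEMES.has(dest.slice(0, colon).toLowerCase()) ? dest : "";
}

// Apply sanitizeUrl to inline links/images and to reference definitions.
// The two regexes are a deliberate simplification of a markdown parser and
// only cover the shapes used in the comment's test strings.
function sanitizeMarkdownLinks(md) {
  const dropped = [];
  const keepOrDrop = (dest) => {
    const safe = sanitizeUrl(dest);
    if (safe === "") dropped.push(dest);
    return safe;
  };
  const markdown = md
    .replace(/(!?\[[^\]]*\])\(([^)\s]+)\)/g, (m, text, dest) => `${text}(${keepOrDrop(dest)})`)
    .replace(/^(\[[^\]]+\]:)\s*(\S+)$/gm, (m, label, dest) => `${label} ${keepOrDrop(dest)}`);
  return { markdown, dropped };
}

// Constructed sample body using the payload shapes from the comment above,
// plus one legitimate link that must survive.
const SAMPLE_BODY = `**Collected Information**
[Docs](https://airflow.apache.org/)
[Click me](javascript:alert('XSS'))
[Vbscript](vbscript:msgbox("XSS"))
[link](JaVaScRiPt:alert('XSS'))
[click here][1]
[1]: javascript:alert('XSS')
[click](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=)`;

function runSample() {
  return sanitizeMarkdownLinks(SAMPLE_BODY); // five destinations are dropped
}
```

The `dropped` list is what a UI-side log or test would inspect to confirm the filter fired; the surviving `https:` link shows the allowlist does not break ordinary documentation links in a HITL body.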
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.