[ 
https://issues.apache.org/jira/browse/AIRFLOW-6351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17004003#comment-17004003
 ] 

ASF GitHub Bot commented on AIRFLOW-6351:
-----------------------------------------

potiuk commented on pull request #6913: [AIRFLOW-6351] security - ui - Add Cross Site Scripting defence
URL: https://github.com/apache/airflow/pull/6913


> security - ui - Add Cross Site Scripting defence
> ------------------------------------------------
>
>                 Key: AIRFLOW-6351
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-6351
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: ui
>    Affects Versions: 1.10.6, 1.10.7
>            Reporter: t oo
>            Assignee: t oo
>            Priority: Major
>
> *escape search -->*
>  
> *BEFORE*
> return self.render(
>     'airflow/dags.html',
>     webserver_dags=webserver_dags_filtered,
>     orm_dags=orm_dags,
>     hide_paused=hide_paused,
>     current_page=current_page,
>     search_query=arg_search_query if arg_search_query else '',
>     page_size=dags_per_page,
>     num_of_pages=num_of_pages,
>     num_dag_from=start + 1,
>     num_dag_to=min(end, num_of_all_dags),
>     num_of_all_dags=num_of_all_dags,
>     paging=wwwutils.generate_pages(current_page, num_of_pages,
>                                    search=arg_search_query,  # line highlighted in the issue
>                                    showPaused=not hide_paused),
>     dag_ids_in_page=page_dag_ids,
>     auto_complete_data=auto_complete_data)
>  
> *AFTER*
> return self.render(
>     'airflow/dags.html',
>     webserver_dags=webserver_dags_filtered,
>     orm_dags=orm_dags,
>     hide_paused=hide_paused,
>     current_page=current_page,
>     search_query=arg_search_query if arg_search_query else '',
>     page_size=dags_per_page,
>     num_of_pages=num_of_pages,
>     num_dag_from=start + 1,
>     num_dag_to=min(end, num_of_all_dags),
>     num_of_all_dags=num_of_all_dags,
>     paging=wwwutils.generate_pages(current_page, num_of_pages,
>                                    # line highlighted in the issue
>                                    search=escape(arg_search_query) if arg_search_query else None,
>                                    showPaused=not hide_paused),
>     dag_ids_in_page=page_dag_ids,
>     auto_complete_data=auto_complete_data)
>  
> [https://github.com/apache/airflow/blob/v1-10-stable/airflow/www/views.py#L2278]
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
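
The effect of the BEFORE/AFTER change quoted above, as an added example that is not code from the issue or from Airflow. Assumptions: `build_page_link` is a hypothetical, simplified stand-in for a pagination helper that formats the search value into an `href`, the standard library's `html.escape` stands in for the `escape` call in the AFTER snippet, and `SAMPLE` is a constructed search value.

```python
from html import escape  # stand-in for the escape() used in the AFTER snippet
from html.parser import HTMLParser


def build_page_link(page, search=None, show_paused=None):
    """Hypothetical pagination link builder; NOT Airflow's generate_pages."""
    params = {"page": page, "search": search, "showPaused": show_paused}
    query = "&".join(
        f"{key}={value}" for key, value in sorted(params.items()) if value is not None
    )
    # The query string is formatted straight into an HTML attribute.
    return f'<li><a href="?{query}">{page + 1}</a></li>'


def paging_before(page, arg_search_query):
    # BEFORE: the raw request value reaches the link builder unchanged.
    return build_page_link(page, search=arg_search_query)


def paging_after(page, arg_search_query):
    # AFTER: same expression as the fix, escaping only when a query is present.
    return build_page_link(
        page, search=escape(arg_search_query) if arg_search_query else None
    )


class TagCollector(HTMLParser):
    """Records every start tag a parser sees in a fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(fragment):
    collector = TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


# Constructed sample: a search value that closes the attribute and opens a tag.
SAMPLE = '"><i>injected</i>'

if __name__ == "__main__":
    print("before:", tags_in(paging_before(0, SAMPLE)))  # extra <i> element parsed
    print("after: ", tags_in(paging_after(0, SAMPLE)))   # only the intended markup
```

Comparing the parsed tag lists shows whether the search value stayed inside the `href` attribute or was interpreted as markup.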
