[
https://issues.apache.org/jira/browse/AIRFLOW-6351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kaxil Naik updated AIRFLOW-6351:
--------------------------------
Fix Version/s: (was: 2.0.0)
1.10.11
> security - ui - Add Cross Site Scripting defence
> ------------------------------------------------
>
> Key: AIRFLOW-6351
> URL: https://issues.apache.org/jira/browse/AIRFLOW-6351
> Project: Apache Airflow
> Issue Type: Bug
> Components: ui
> Affects Versions: 1.10.6, 1.10.7
> Reporter: t oo
> Assignee: t oo
> Priority: Major
> Fix For: 1.10.11
>
>
> *escape search -->*
>
> *BEFORE*
> return self.render(
>     'airflow/dags.html',
>     webserver_dags=webserver_dags_filtered,
>     orm_dags=orm_dags,
>     hide_paused=hide_paused,
>     current_page=current_page,
>     search_query=arg_search_query if arg_search_query else '',
>     page_size=dags_per_page,
>     num_of_pages=num_of_pages,
>     num_dag_from=start + 1,
>     num_dag_to=min(end, num_of_all_dags),
>     num_of_all_dags=num_of_all_dags,
>     paging=wwwutils.generate_pages(current_page, num_of_pages,
>                                    search=arg_search_query,  # line highlighted in red in the report
>                                    showPaused=not hide_paused),
>     dag_ids_in_page=page_dag_ids,
>     auto_complete_data=auto_complete_data)
>
> *AFTER*
> return self.render(
>     'airflow/dags.html',
>     webserver_dags=webserver_dags_filtered,
>     orm_dags=orm_dags,
>     hide_paused=hide_paused,
>     current_page=current_page,
>     search_query=arg_search_query if arg_search_query else '',
>     page_size=dags_per_page,
>     num_of_pages=num_of_pages,
>     num_dag_from=start + 1,
>     num_dag_to=min(end, num_of_all_dags),
>     num_of_all_dags=num_of_all_dags,
>     paging=wwwutils.generate_pages(current_page, num_of_pages,
>                                    # line highlighted in red in the report
>                                    search=escape(arg_search_query) if arg_search_query else None,
>                                    showPaused=not hide_paused),
>     dag_ids_in_page=page_dag_ids,
>     auto_complete_data=auto_complete_data)
>
> [https://github.com/apache/airflow/blob/v1-10-stable/airflow/www/views.py#L2278]
>
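Added example, not part of the Jira issue and not Airflow's code: it shows why the BEFORE call lets a search term reach the pagination markup as HTML and how the AFTER pattern stops it. build_paging, TagCollector and unexpected_tags are hypothetical names, build_paging is only a stand-in for a helper that interpolates `search` into link markup, and the standard library's html.escape stands in for the `escape` used in the issue.

```python
# Added example: hypothetical stand-in for a pagination helper; not Airflow's code.
from html import escape
from html.parser import HTMLParser


def build_paging(current_page, num_of_pages, search=None):
    """Return pagination links as an HTML string (hypothetical helper).

    `search` is interpolated as-is, so the caller decides whether it is escaped.
    """
    links = []
    for page in range(num_of_pages):
        href = f"?page={page}"
        if search:
            href += f"&search={search}"
        css = "active" if page == current_page else ""
        links.append(f'<li class="{css}"><a href="{href}">{page + 1}</a></li>')
    return '<ul class="pagination">' + "".join(links) + "</ul>"


class TagCollector(HTMLParser):
    """Record every start tag the HTML parser sees in the rendered markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(markup, allowed=("ul", "li", "a")):
    """Tags in `markup` that the pagination helper never emits itself."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return [t for t in collector.tags if t not in allowed]


# Constructed input: a search term that closes the href attribute and opens a tag.
SEARCH = '"><b id="injected">x'

before = build_paging(0, 2, search=SEARCH)  # BEFORE pattern
after = build_paging(0, 2, search=escape(SEARCH) if SEARCH else None)  # AFTER pattern

if __name__ == "__main__":
    print("before:", unexpected_tags(before))
    print("after: ", unexpected_tags(after))
```

The same unexpected_tags check can be run in a unit test against any view that reflects a request parameter into generated markup.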