This is an automated email from the ASF dual-hosted git repository.
ash pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/v1-10-test by this push:
new 09e5faa fixup! Don't use the `|safe` filter in code, it's risky
(#9180)
09e5faa is described below
commit 09e5faa9b8e62c0e5703ef99bc484a3c74822c68
Author: Ash Berlin-Taylor <[email protected]>
AuthorDate: Mon Jun 15 17:02:44 2020 +0100
fixup! Don't use the `|safe` filter in code, it's risky (#9180)
---
airflow/www/templates/airflow/list_dags.html | 4 ++--
airflow/www/templates/airflow/query.html | 2 +-
airflow/www/templates/airflow/tree.html | 2 +-
airflow/www/templates/airflow/xcom.html | 1 -
airflow/www/views.py | 2 +-
airflow/www_rbac/templates/airflow/xcom.html | 1 -
6 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/airflow/www/templates/airflow/list_dags.html
b/airflow/www/templates/airflow/list_dags.html
index 3e9fe29..e9398eb 100644
--- a/airflow/www/templates/airflow/list_dags.html
+++ b/airflow/www/templates/airflow/list_dags.html
@@ -216,8 +216,8 @@
{% if filter_groups %}
var filter = new AdminFilters(
'#filter_form', '.field-filters',
- {{ filter_groups|tojson|safe }},
- {{ active_filters|tojson|safe }}
+ {{ filter_groups|tojson }},
+ {{ active_filters|tojson }}
);
{% endif %}
})(jQuery);
diff --git a/airflow/www/templates/airflow/query.html
b/airflow/www/templates/airflow/query.html
index 6a41e7b..b5c4546 100644
--- a/airflow/www/templates/airflow/query.html
+++ b/airflow/www/templates/airflow/query.html
@@ -43,7 +43,7 @@
</div>
</div>
</form>
- {{ results|safe }}
+ {{ results }}
{% endblock %}
{% block tail %}
{{ super() }}
diff --git a/airflow/www/templates/airflow/tree.html
b/airflow/www/templates/airflow/tree.html
index 6bfb465..5804efc 100644
--- a/airflow/www/templates/airflow/tree.html
+++ b/airflow/www/templates/airflow/tree.html
@@ -84,7 +84,7 @@
$('span.status_square').tooltip({html: true});
var devicePixelRatio = window.devicePixelRatio || 1;
-var data = {{ data|tojson|safe }};
+var data = {{ data|tojson }};
var barHeight = 20;
var axisHeight = 40;
var square_x = parseInt(500 * devicePixelRatio);
diff --git a/airflow/www/templates/airflow/xcom.html
b/airflow/www/templates/airflow/xcom.html
index b043e95..a79467b 100644
--- a/airflow/www/templates/airflow/xcom.html
+++ b/airflow/www/templates/airflow/xcom.html
@@ -36,6 +36,5 @@
</tr>
{% endfor %}
</table>
- {{ html_code|safe }}
</div>
{% endblock %}
diff --git a/airflow/www/views.py b/airflow/www/views.py
index 93ec55e..e98096d 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -2400,7 +2400,7 @@ class QueryView(wwwutils.DataProfilingMixin,
AirflowViewMixin, BaseView):
return self.render(
'airflow/query.html', form=form,
title="Ad Hoc Query",
- results=results or '',
+ results=Markup(results or ''),
has_data=has_data)
diff --git a/airflow/www_rbac/templates/airflow/xcom.html
b/airflow/www_rbac/templates/airflow/xcom.html
index 16174b1..ac99c25 100644
--- a/airflow/www_rbac/templates/airflow/xcom.html
+++ b/airflow/www_rbac/templates/airflow/xcom.html
@@ -37,6 +37,5 @@
</tr>
{% endfor %}
</table>
- {{ html_code|safe }}
</div>
{% endblock %}
