Alejandro Fernandez created AIRFLOW-2210:

             Summary: Rendering logs executes javascript code, which is 
dangerous and must be HTML-escaped
                 Key: AIRFLOW-2210
             Project: Apache Airflow
          Issue Type: Bug
          Components: ui
    Affects Versions: 1.8.0
            Reporter: Alejandro Fernandez
            Assignee: Alejandro Fernandez

Rendering DAGs whose log message contains javascript will be executed on the 
browser.This is happening because the Airflow UI is not HTML escaping the log 

This message was sent by Atlassian JIRA

Reply via email to