[
https://issues.apache.org/jira/browse/NIFI-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14311559#comment-14311559
]
Aldrin Piri commented on NIFI-327:
----------------------------------
Completely understand the reasons as to why it was being done and security
certainly seems like the preferential path forward. Certainly wasn't
advocating for just dumping HTML out into the page.
I certainly don't have a grasp over how data is managed throughout the entirety
of the UI, but to maintain the security model and, since everything is escaped,
can we just treat the description as html instead of text?
This is line 978 in nf-canvas-toolbox.
> Add Processor dialog improper HTML encoding of processor descriptions
> ---------------------------------------------------------------------
>
> Key: NIFI-327
> URL: https://issues.apache.org/jira/browse/NIFI-327
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 0.0.1, 0.0.2
> Environment: OS X in Safari
> CentOS 7 in Firefox
> Reporter: Aldrin Piri
> Priority: Minor
> Attachments: html-encoding.png
>
>
> Will attach screenshot.
> When adding a processor via 'Add Processor' Description for a processor in
> the that includes symbols are being encoded when they do not need to be. One
> example is TransformXML that makes use of apostrophes which are encoded into
> their HTML equivalent, '''
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
