[ https://issues.apache.org/jira/browse/NIFI-327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14311614#comment-14311614 ]

Matt Gilman commented on NIFI-327:
----------------------------------

The description is treated as HTML. That is why I was escaping. If we don't 
escape there, then we will be dumping HTML into the page.

Given a NAR, it's not possible to know whether a processor's 
name/description/tags/etc. contains some malicious code or not. I realize this 
ultimately boils down to whether we think we can trust the NARs. I opted to 
stay on the safe side.

> Add Processor dialog improper HTML encoding of processor descriptions
> ---------------------------------------------------------------------
>
>                 Key: NIFI-327
>                 URL: https://issues.apache.org/jira/browse/NIFI-327
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 0.0.1, 0.0.2
>         Environment: OS X in Safari
> CentOS 7 in Firefox 
>            Reporter: Aldrin Piri
>            Priority: Minor
>         Attachments: html-encoding.png
>
>
> Will attach screenshot.
> When adding a processor via 'Add Processor' Description for a processor in 
> the that includes symbols are being encoded when they do not need to be.  One 
> example is TransformXML that makes use of apostrophes which are encoded into 
> their HTML equivalent, '''



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
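
The trade-off discussed in this thread, as an added example that is not part of the original message and is not NiFi's UI code: escaping an untrusted description exactly once before an HTML sink renders it safely and legibly, while escaping twice, or escaping and then writing to a text sink, shows entities such as `&#39;` to the user. The function names, the simplified sink models and the sample descriptions are assumptions constructed for illustration.

```javascript
// Added example. All names are hypothetical; this is not NiFi's UI code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const UNESCAPES = Object.fromEntries(Object.entries(ESCAPES).map(([ch, ent]) => [ent, ch]));

// Encode the five characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Simplified model of an HTML sink (e.g. innerHTML): reports whether the string
// would create elements, and what text the user sees after one entity-decoding pass.
function renderAsHtml(markup) {
  const createsElements = /<[a-zA-Z!\/]/.test(markup);
  const visibleText = markup.replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => UNESCAPES[ent]);
  return { createsElements, visibleText };
}

// Simplified model of a text sink (e.g. textContent): nothing is parsed or decoded.
function renderAsText(text) {
  return { createsElements: false, visibleText: String(text) };
}

// Constructed sample descriptions, standing in for values read from a NAR.
const benign = "Applies the provided XSLT file to the flowfile's content";
const hostile = '<script>alert(1)</script>';

function demo() {
  return {
    // No escaping + HTML sink: the description becomes live markup.
    rawHtml: renderAsHtml(hostile),
    // Escaped once + HTML sink: inert, and the apostrophe displays normally.
    escapedOnce: renderAsHtml(escapeHtml(benign)),
    // Escaped twice + HTML sink: inert, but the user sees "&#39;".
    escapedTwice: renderAsHtml(escapeHtml(escapeHtml(benign))),
    // Escaped once + text sink: same visible symptom as escaping twice.
    escapedThenText: renderAsText(escapeHtml(benign)),
    // Hostile description escaped once: shown as text, creates no elements.
    hostileEscaped: renderAsHtml(escapeHtml(hostile)),
  };
}

console.log(demo());
```
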