[spark] branch branch-3.1 updated: [SPARK-39505][UI] Escape log content rendered in UI

Fri, 17 Jun 2022 11:33:23 -0700 

This is an automated email from the ASF dual-hosted git repository.

srowen pushed a commit to branch branch-3.1
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/branch-3.1 by this push:
     new 14bc8ec1d0c [SPARK-39505][UI] Escape log content rendered in UI
14bc8ec1d0c is described below

commit 14bc8ec1d0ce5fcafd6b85b02cba2a4880b6a41d
Author: Sean Owen <[email protected]>
AuthorDate: Fri Jun 17 09:36:49 2022 -0700

    [SPARK-39505][UI] Escape log content rendered in UI
    
    ### What changes were proposed in this pull request?
    
    Escape log content rendered to the UI.
    
    ### Why are the changes needed?
    
    Log content may contain reserved characters or other code in the log and be 
misinterpreted in the UI as HTML.
    
    ### Does this PR introduce _any_ user-facing change?
    
    No
    
    ### How was this patch tested?
    
    Existing tests
    
    Closes #36902 from srowen/LogViewEscape.
    
    Authored-by: Sean Owen <[email protected]>
    Signed-off-by: Dongjoon Hyun <[email protected]>
---
 core/src/main/resources/org/apache/spark/ui/static/log-view.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/main/resources/org/apache/spark/ui/static/log-view.js 
b/core/src/main/resources/org/apache/spark/ui/static/log-view.js
index b5c43e5788b..163662bf3bb 100644
--- a/core/src/main/resources/org/apache/spark/ui/static/log-view.js
+++ b/core/src/main/resources/org/apache/spark/ui/static/log-view.js
@@ -82,7 +82,7 @@ function loadMore() {
       if (retStartByte == 0) {
         disableMoreButton();
       }
-      $("pre", ".log-content").prepend(cleanData);
+      $("pre", ".log-content").prepend(document.createTextNode(cleanData));
 
       curLogLength = curLogLength + (startByte - retStartByte);
       startByte = retStartByte;
@@ -112,7 +112,7 @@ function loadNew() {
             var retLogLength = dataInfo[2];
 
             var cleanData = data.substring(newlineIndex + 1);
-            $("pre", ".log-content").append(cleanData);
+            $("pre", 
".log-content").append(document.createTextNode(cleanData));
 
             curLogLength = curLogLength + (retEndByte - retStartByte);
             endByte = retEndByte;


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to