This is an automated email from the ASF dual-hosted git repository. michaelsmolina pushed a commit to branch 3.0 in repository https://gitbox.apache.org/repos/asf/superset.git
commit 6da18f84515d6608f8a20f716574e6ec84acf1ac Author: JUST.in DO IT <[email protected]> AuthorDate: Thu Nov 9 09:26:21 2023 -0800 fix(sqllab): invalid sanitization on comparison symbol (#25903) (cherry picked from commit 581d3c710867120f85ddfc097713e5f2880722c1) --- superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx | 3 +++ superset-frontend/packages/superset-ui-core/src/utils/html.tsx | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx b/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx index 8fd06cb6f8..9b950e4246 100644 --- a/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx +++ b/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx @@ -44,6 +44,9 @@ describe('isProbablyHTML', () => { const plainText = 'Just a plain text'; const isHTML = isProbablyHTML(plainText); expect(isHTML).toBe(false); + + const trickyText = 'a <= 10 and b > 10'; + expect(isProbablyHTML(trickyText)).toBe(false); }); }); diff --git a/superset-frontend/packages/superset-ui-core/src/utils/html.tsx b/superset-frontend/packages/superset-ui-core/src/utils/html.tsx index 3215eb9b9d..fffd43bda8 100644 --- a/superset-frontend/packages/superset-ui-core/src/utils/html.tsx +++ b/superset-frontend/packages/superset-ui-core/src/utils/html.tsx @@ -28,7 +28,9 @@ export function sanitizeHtml(htmlString: string) { } export function isProbablyHTML(text: string) { - return /<[^>]+>/.test(text); + return Array.from( + new DOMParser().parseFromString(text, 'text/html').body.childNodes, + ).some(({ nodeType }) => nodeType === 1); } export function sanitizeHtmlIfNeeded(htmlString: string) {
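Review bot: In the html.tsx hunk, the new `isProbablyHTML` inspects only `body.childNodes`, but an HTML parser places leading `<script>`, `<style>`, `<link>`, `<meta>`, `<base>` and `<title>` elements in `head`, so a string that starts with one of them and is otherwise plain text is reported as not HTML. If `sanitizeHtmlIfNeeded` (its body is outside the hunk) returns such input unchanged, that markup skips `sanitizeHtml`; consider `const doc = new DOMParser().parseFromString(text, 'text/html');` followed by `return doc.head.childElementCount > 0 || doc.body.childElementCount > 0;`. The html.test.tsx hunk pins only the comparison-operator case, so a companion assertion such as `expect(isProbablyHTML('<style>p{}</style>')).toBe(true);` would keep the positive path from regressing. The bare `1` would also read better as `Node.ELEMENT_NODE`.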
