Prasad P. Pawar created ATLAS-5211:
--------------------------------------
Summary: ATLAS UI: Improve HTML sanitization and data handling in dashboard and dashboardv2
Key: ATLAS-5211
URL: https://issues.apache.org/jira/browse/ATLAS-5211
Project: Atlas
Issue Type: Task
Components: atlas-webui
Affects Versions: 3.0.0
Reporter: Prasad P. Pawar
Assignee: Prasad P. Pawar
Improve how user and API data are rendered in the Atlas UI. Several components
were using raw HTML injection or string concatenation without proper
sanitization or escaping. This work adds consistent sanitization and escaping
so that user-supplied content is rendered safely.
Changes:
- HtmlRenderer: Sanitize HTML before using dangerouslySetInnerHTML
- ShowMoreText: Sanitize content when isHtml=true
- commonComponents: Escape string values before concatenation into HTML
- Utils: Add escapeHtml helper; correct allowedSchemesByTag configuration
- CommonViewFunction (dashboardv2): Escape id and value before rendering in .html()
- Header (dashboardv2): Use .text() instead of .html() for userName
| File | Change |
|------|--------|
| `dashboard/src/components/HtmlRenderer.tsx` | Sanitize HTML before render |
| `dashboard/src/components/ShowMore/ShowMoreText.tsx` | Sanitize when isHtml=true |
| `dashboard/src/utils/Utils.ts` | Add escapeHtml; fix allowedSchemesByTag |
| `dashboard/src/components/commonComponents.tsx` | Use escapeHtml for string values |
| `dashboardv2/public/js/utils/CommonViewFunction.js` | Use _.escape for id and value |
| `dashboardv2/public/js/views/site/Header.js` | Use .text() instead of .html() for userName |
Internal Files Affected:
- HtmlRenderer.tsx, ShowMoreText.tsx, commonComponents.tsx, Utils.ts (dashboard)
- CommonViewFunction.js, Header.js (dashboardv2)
Impact on Internal Files:
- sanitizeHtmlContent and escapeHtml from Utils.ts are consumed by
HtmlRenderer, ShowMoreText, commonComponents, DetailPageAttributes,
ClassificationForm, BusinessMetadataTab.
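As an added example (not Atlas project code): an escapeHtml helper with the same escaping as lodash's `_.escape`, a per-tag URL scheme allowlist in the shape of sanitize-html's `allowedSchemesByTag` option, and the id/value concatenation pattern from CommonViewFunction shown before and after escaping. The allowlist contents, function names and sample inputs are constructed for illustration, not taken from the Atlas configuration.

```javascript
// Added example, not Atlas project code. Demonstrates the three fixes the
// ticket describes: escaping before concatenation, a scheme allowlist per
// tag, and the difference between raw and escaped markup given to .html().
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that can change meaning in HTML text or
// attribute values (same set as lodash's _.escape).
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical allowlist constructed for this example, in the same shape as
// sanitize-html's allowedSchemesByTag: tag name -> permitted URL schemes.
const allowedSchemesByTag = {
  a: ["http", "https", "mailto"],
  img: ["http", "https"],
};

// Return true if `url` may be used in a URL attribute of `tag`.
// Relative URLs carry no scheme and are accepted; a URL with a scheme must
// match the tag's allowlist. ASCII control characters and whitespace are
// removed before the check because browsers ignore them inside a scheme, so
// a scheme split by a tab or newline would otherwise slip past the regex.
function isAllowedUrl(tag, url) {
  const cleaned = String(url).replace(/[\u0000-\u0020]/g, "").toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(cleaned);
  if (!m) return true; // no scheme: relative URL
  return (allowedSchemesByTag[tag] || []).includes(m[1]);
}

// "Before": id and value concatenated straight into markup destined for .html().
// Any markup inside the values is interpreted by the browser.
function renderRowUnsafe(id, value) {
  return '<tr id="' + id + '"><td>' + value + "</td></tr>";
}

// "After": every dynamic string is escaped before concatenation, so the
// values render as literal text.
function renderRowEscaped(id, value) {
  return '<tr id="' + escapeHtml(id) + '"><td>' + escapeHtml(value) + "</td></tr>";
}
```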
--
This message was sent by Atlassian Jira
(v8.20.10#820010)