Prasad P. Pawar created ATLAS-5211:
--------------------------------------

             Summary: ATLAS UI: Improve HTML sanitization and data handling in 
dashboard and dashboardv2
                 Key: ATLAS-5211
                 URL: https://issues.apache.org/jira/browse/ATLAS-5211
             Project: Atlas
          Issue Type: Task
          Components: atlas-webui
    Affects Versions: 3.0.0
            Reporter: Prasad P. Pawar
            Assignee: Prasad P. Pawar


Improve how user-supplied and API-returned data are rendered in the Atlas UI. Several components inserted raw HTML or built markup by string concatenation without sanitizing or escaping the interpolated values, so content such as an attribute value or the user name could be interpreted as markup rather than displayed as text. This work adds consistent sanitization (for content that must remain HTML) and escaping (for content that should be plain text) so that user-supplied content is rendered safely.

Changes:
- HtmlRenderer: Sanitize HTML before using dangerouslySetInnerHTML
- ShowMoreText: Sanitize content when isHtml=true
- commonComponents: Escape string values before concatenation into HTML
- Utils: Add escapeHtml helper; correct allowedSchemesByTag configuration
- CommonViewFunction (dashboardv2): Escape id and value before rendering in .html()
- Header (dashboardv2): Use .text() instead of .html() for userName


| File | Change |
| --- | --- |
| `dashboard/src/components/HtmlRenderer.tsx` | Sanitize HTML before render |
| `dashboard/src/components/ShowMore/ShowMoreText.tsx` | Sanitize when isHtml=true |
| `dashboard/src/utils/Utils.ts` | Add escapeHtml; fix allowedSchemesByTag |
| `dashboard/src/components/commonComponents.tsx` | Use escapeHtml for string values |
| `dashboardv2/public/js/utils/CommonViewFunction.js` | Use _.escape for id and value |
| `dashboardv2/public/js/views/site/Header.js` | Use .text() instead of .html() for userName |


Internal Files Affected:
- HtmlRenderer.tsx, ShowMoreText.tsx, commonComponents.tsx, Utils.ts (dashboard)
- CommonViewFunction.js, Header.js (dashboardv2)


Impact on Internal Files:
- sanitizeHtmlContent and escapeHtml from Utils.ts are consumed by 
HtmlRenderer, ShowMoreText, commonComponents, DetailPageAttributes, 
ClassificationForm, BusinessMetadataTab.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)