Prasad P. Pawar created ATLAS-5214:
--------------------------------------
Summary: Atlas UI: Ensure user-controlled values are escaped before rendering
Key: ATLAS-5214
URL: https://issues.apache.org/jira/browse/ATLAS-5214
Project: Atlas
Issue Type: Task
Components: atlas-webui
Affects Versions: 3.0.0
Reporter: Prasad P. Pawar
Assignee: Prasad P. Pawar
Review `generateQueryOfFilter` in CommonViewFunction.js to ensure all
user-controlled values are escaped before rendering in
`searchResult.html(searchString)`.
Files:
- dashboardv2/public/js/utils/CommonViewFunction.js
- dashboardv2/public/js/views/search/SearchResultLayoutView.js (line 524)
Current Status:
- `generateQueryOfFilter` already uses `_.escape()` for obj.id, obj.operator,
obj.value, value.type, value.tag, value.term, value.query
- **Action:** Verify coverage in code review; add escape for any remaining
user-controlled fields
Verification:
- [ ] Trace all inputs to generateQueryOfFilter
- [ ] Confirm all user-controlled values are escaped
- [ ] Manual test: search with special filter values
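As an added illustration (not code from Atlas or from the reporter), a minimal version of the escape-before-`.html()` pattern this ticket asks reviewers to verify, together with a check that can be run over the generated string. The filter shape, the field names and the `onlyTemplateTags` helper are assumptions; the character map mirrors underscore's `_.escape()`.

```javascript
// Added example, not Atlas code: escapeHtml stands in for underscore's _.escape()
// (same six-character map), and generateQueryOfFilter is a simplified model of the
// function named in the ticket, with an 'escape' switch to show the before/after.
const ESCAPE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '`': '&#x60;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => ESCAPE_MAP[ch]);
}

// Hypothetical filter shape: rules carry id/operator/value, and a value may be an
// object holding type/tag/term/query (the fields the ticket lists as escaped).
function generateQueryOfFilter(filter, escape = true) {
  const esc = escape ? escapeHtml : String;
  return filter.rules.map((rule) => {
    const v = rule.value;
    const rendered = (v && typeof v === 'object')
      ? ['type', 'tag', 'term', 'query'].filter((k) => v[k] != null)
          .map((k) => `${k}: ${esc(v[k])}`).join(', ')
      : esc(v);
    return `<span class="key">${esc(rule.id)}</span> ` +
           `<span class="operator">${esc(rule.operator)}</span> ` +
           `<span class="value">${rendered}</span>`;
  }).join(` ${esc(filter.condition)} `);
}

// Review check: once every user-controlled field is escaped, the only tags left in
// the string are the template's own spans; anything else came from an input.
function onlyTemplateTags(html) {
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.every((t) => /^<\/?span( class="(key|operator|value)")?>$/.test(t));
}

// Constructed sample input: user-supplied values carrying markup characters.
const SAMPLE_FILTER = {
  condition: 'AND',
  rules: [
    { id: 'name', operator: '=', value: '<b>admin</b>' },
    { id: 'owner', operator: 'contains', value: { term: '"quoted"', tag: 'PII' } },
  ],
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(generateQueryOfFilter(SAMPLE_FILTER, false)); // injected <b> survives
  console.log(generateQueryOfFilter(SAMPLE_FILTER, true));  // only template spans remain
}
```

The same `onlyTemplateTags` check can be pointed at the real output of `generateQueryOfFilter` during the manual test, with the template's own tag names substituted.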
--
This message was sent by Atlassian Jira
(v8.20.10#820010)