GitHub user prabhjyotsingh opened a pull request:
https://github.com/apache/zeppelin/pull/2888
[minor] Escape string before inserting it into HTML
### What is this PR for?
In the current implementation some unescaped HTML gets passed to the frontend
via BootstrapDialog; this PR is to escape those strings (and sanitize the
output).
### What type of PR is it?
[Improvement]
### Questions:
* Do the license files need an update?
* Are there breaking changes for older versions?
* Does this need documentation?
You can merge this pull request into a Git repository by running:
    $ git pull https://github.com/prabhjyotsingh/zeppelin applyEscapeBootstrapDialog
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/2888.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2888
----
commit 757cfff91ddb55d50351fbd3868826f3aafbd7e2
Author: Prabhjyot Singh <prabhjyotsingh@...>
Date: 2018-03-22T09:15:09Z
apply _.Escape to BootstrapDialog
Change-Id: I192b4dc57243feef9e027848ee7f5b934b77bb1e
----
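
Added example, not part of the pull request or of Zeppelin's code: the escape-before-insert pattern the description refers to, shown for a dialog message that is rendered as HTML. It assumes "_.Escape" means lodash's _.escape (the same five characters are escaped here); the function names and the note name are hypothetical and constructed.

```javascript
// Same five characters that lodash's _.escape turns into entities.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape one value for an HTML text or quoted-attribute context.
// null/undefined become '' so they never print as "null"/"undefined".
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Tagged template: markup typed by the developer passes through unchanged,
// every interpolated value is escaped exactly once, at the point of insertion.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, chunk, i) => out + chunk + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Constructed sample input: a user-controlled note name that carries markup.
const noteName = '<img src=x onerror="alert(1)"> Q1 & Q2';

// Before: concatenation hands the name to the dialog as live HTML.
function unsafeMessage(name) {
  return 'Do you want to delete <b>' + name + '</b>?';
}

// After: only the developer's own <b> tags remain markup.
function safeMessage(name) {
  return safeHtml`Do you want to delete <b>${name}</b>?`;
}

console.log('before:', unsafeMessage(noteName));
console.log('after: ', safeMessage(noteName));
```

Escape once, where the string enters the HTML: running escapeHtml over an already escaped value shows literal entities to the user. This covers HTML text and quoted attributes only, not URLs or script contexts.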