[jira] [Commented] (DRILL-7705) Update jQuery and Bootstrap libraries

Sat, 25 Apr 2020 04:17:39 -0700 


    [ 
https://issues.apache.org/jira/browse/DRILL-7705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17092184#comment-17092184
 ] 

ASF GitHub Bot commented on DRILL-7705:
---------------------------------------

vvysotskyi edited a comment on pull request #2066:
URL: https://github.com/apache/drill/pull/2066#issuecomment-619360382


   @agozhiy, thanks for updating jQuery with Bootstrap libraries.
   
   I've found the following minor issues in Web-UI after your changes:
   - The Console contains the following errors on all pages:
   ```
   [Error] Failed to load resource: the server responded with a status of 404 
(Not Found) (bootstrap.min.css.map, line 0)
   [Error] Failed to load resource: the server responded with a status of 404 
(Not Found) (bootstrap.min.js.map, line 0)
   ```
   
   - The text on pages became significantly larger (on all pages), so it breaks 
the aligning.
   Current master:
   <img width="1680" alt="Screenshot 2020-04-25 at 12 44 16" 
src="https://user-images.githubusercontent.com/20928429/80276901-33f41d80-86f4-11ea-9cc1-1ee402ebd266.png";>
   
   With your change:
   <img width="1680" alt="Screenshot 2020-04-25 at 12 20 24" 
src="https://user-images.githubusercontent.com/20928429/80276853-f7c0bd00-86f3-11ea-887c-8d77fce2cb46.png";>
   
   Also, for some reason, instead of hostname, IP started displaying (see 
`Address` column)
   Minor comment - in new change added separator after DrillBits line.
   
   - On Query page and other pages, Info icon is aligned to the top of the line 
instead of the center:
   <img width="1680" alt="Screenshot 2020-04-25 at 12 23 42" 
src="https://user-images.githubusercontent.com/20928429/80277083-4f135d00-86f5-11ea-960b-9906d73094ce.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 12 44 39" 
src="https://user-images.githubusercontent.com/20928429/80277087-55a1d480-86f5-11ea-82f6-9ada4923ced7.png";>
   
   - On the Query result page, aligning of Query profile button and Export 
button broken. Also added line separator above page.
   <img width="1680" alt="Screenshot 2020-04-25 at 12 25 37" 
src="https://user-images.githubusercontent.com/20928429/80277160-cea12c00-86f5-11ea-9222-d126f81a2594.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 12 45 30" 
src="https://user-images.githubusercontent.com/20928429/80277165-d82a9400-86f5-11ea-99ab-2c2fa3846c8f.png";>
   
   - On the Query profile page, non-active tabs have the same color as the 
active one. Also, seen problems with text sizes. Absent the border around Query 
text field.
   <img width="1680" alt="Screenshot 2020-04-25 at 12 26 04" 
src="https://user-images.githubusercontent.com/20928429/80277243-60109e00-86f6-11ea-85f8-4cdec9363407.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 12 46 05" 
src="https://user-images.githubusercontent.com/20928429/80277252-6a329c80-86f6-11ea-91e4-43f97912bc3c.png";>
   
   - Show/hide estimate rows button is not displayed correctly. Incorrect 
alignment in the table headers.
   <img width="1680" alt="Screenshot 2020-04-25 at 12 26 22" 
src="https://user-images.githubusercontent.com/20928429/80277316-d01f2400-86f6-11ea-8805-2d2b4b0cd1ee.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 12 46 11" 
src="https://user-images.githubusercontent.com/20928429/80277319-d6ad9b80-86f6-11ea-8797-e8e407d2b5ec.png";>
   
   - On the Query profiles page, bottom links became black (so it is unclear 
whether they are clickable). Some text is not bold anymore (f.e. `Search 
Profiles`, etc.).
   <img width="1680" alt="Screenshot 2020-04-25 at 12 29 23" 
src="https://user-images.githubusercontent.com/20928429/80277475-e24d9200-86f7-11ea-8518-dc101bd0ba12.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 13 21 32" 
src="https://user-images.githubusercontent.com/20928429/80277477-e974a000-86f7-11ea-86f3-d3e199db7d65.png";>
   
   - On Storage plugins page, in Warning window, the focus is on the close 
button when it appears. Changed alignment of header.
   <img width="1680" alt="Screenshot 2020-04-25 at 12 32 18" 
src="https://user-images.githubusercontent.com/20928429/80277571-9ea75800-86f8-11ea-976e-669086b8b222.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 12 48 42" 
src="https://user-images.githubusercontent.com/20928429/80277574-a535cf80-86f8-11ea-9a89-e004b27e58bf.png";>
   
   - If the page is scrolled, the navigation bar should be left on the page. 
For example, the metrics page:
   <img width="1680" alt="Screenshot 2020-04-25 at 12 33 27" 
src="https://user-images.githubusercontent.com/20928429/80277890-ecbd5b00-86fa-11ea-8111-c50154daef1b.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 12 49 01" 
src="https://user-images.githubusercontent.com/20928429/80277894-f34bd280-86fa-11ea-8564-4b09574154c4.png";>
   
   - On Logs page also added line separator above the page. Also, please note 
that before your changes, current page was highlighted with white color, but 
now only Apache Drill is highlighted.
   <img width="1680" alt="Screenshot 2020-04-25 at 12 35 03" 
src="https://user-images.githubusercontent.com/20928429/80277711-8dab1680-86f9-11ea-838c-0955e2a7b23b.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 12 49 28" 
src="https://user-images.githubusercontent.com/20928429/80277714-94d22480-86f9-11ea-8dd2-b98da8ec103d.png";>
   
   - On the Log page, `(last 10,000 lines)` has the same size as `sqlline.log`, 
but it shouldn't.
   <img width="1680" alt="Screenshot 2020-04-25 at 12 35 08" 
src="https://user-images.githubusercontent.com/20928429/80277822-6274f700-86fa-11ea-9dee-cab8b1b585cc.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 12 49 35" 
src="https://user-images.githubusercontent.com/20928429/80277811-496c4600-86fa-11ea-9a45-685f06148638.png";>
   
   - Broken aligning on the Options page and something bad happened with a 
clear field button. Some buttons overlap the options description.
   <img width="1680" alt="Screenshot 2020-04-25 at 12 35 38" 
src="https://user-images.githubusercontent.com/20928429/80277932-25f5cb00-86fb-11ea-8cf5-1ba42d31fa8c.png";>
   <img width="1680" alt="Screenshot 2020-04-25 at 12 50 13" 
src="https://user-images.githubusercontent.com/20928429/80277951-3d34b880-86fb-11ea-9af5-ec9d1b80e8bf.png";>


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


> Update jQuery and Bootstrap libraries
> -------------------------------------
>
>                 Key: DRILL-7705
>                 URL: https://issues.apache.org/jira/browse/DRILL-7705
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.17.0
>            Reporter: Anton Gozhiy
>            Assignee: Anton Gozhiy
>            Priority: Major
>             Fix For: 1.18.0
>
>
> There are some vulnerabilities present in jQuery and Bootstrap libraries used 
> in Drill:
> * jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, 
> mishandles jQuery.extend(true, {}, ...) because of Object.prototype 
> pollution. If an unsanitized source object contained an enumerable __proto__ 
> property, it could extend the native Object.prototype.
> * In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent 
> attribute.
> * In Bootstrap before 4.1.2, XSS is possible in the data-container property 
> of tooltip.
> * In Bootstrap before 3.4.0, XSS is possible in the affix configuration 
> target property.
> * In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the 
> tooltip or popover data-template attribute.
> The following update is suggested to fix them:
> * jQuery: 3.2.1 -> 3.5.0
> * Bootstrap: 3.1.1 -> 4.4.1



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to