[
https://issues.apache.org/jira/browse/AIRFLOW-3768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16793818#comment-16793818
]
ASF subversion and git services commented on AIRFLOW-3768:
----------------------------------------------------------
Commit 66104151d93edb619430a97bf2bbac70dfb4381b in airflow's branch
refs/heads/master from Ash Berlin-Taylor
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=6610415 ]
[AIRFLOW-3768] Escape search parameter in pagination controls (#4911)
The "minidom" we were using from lxml didn't cope with the > etc
entities (because it is an XML parser, not an HTML parser): rather than
special casing each one I have instead swapped out lxml-based parser for
BeautifulSoup which 1) handles these, and 2) is pure-python so is easier
to install :)
> XSS Vulnerability in Search Query Parameter
> -------------------------------------------
>
> Key: AIRFLOW-3768
> URL: https://issues.apache.org/jira/browse/AIRFLOW-3768
> Project: Apache Airflow
> Issue Type: Bug
> Components: security
> Affects Versions: 1.10.1
> Reporter: Media Rest
> Assignee: Ash Berlin-Taylor
> Priority: Critical
>
> In the DAGs page, there is a XSS issue in the search parameter. The input is
> reflected from the search parameter back to the user.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
