[ https://issues.apache.org/jira/browse/AIRFLOW-3768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16793818#comment-16793818 ]
ASF subversion and git services commented on AIRFLOW-3768: ---------------------------------------------------------- Commit 66104151d93edb619430a97bf2bbac70dfb4381b in airflow's branch refs/heads/master from Ash Berlin-Taylor [ https://gitbox.apache.org/repos/asf?p=airflow.git;h=6610415 ] [AIRFLOW-3768] Escape search parameter in pagination controls (#4911) The "minidom" we were using from lxml didn't cope with the > etc entities (because it is an XML parser, not an HTML parser): rather than special casing each one I have instead swapped out lxml-based parser for BeautifulSoup which 1) handles these, and 2) is pure-python so is easier to install :) > XSS Vulnerability in Search Query Parameter > ------------------------------------------- > > Key: AIRFLOW-3768 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3768 > Project: Apache Airflow > Issue Type: Bug > Components: security > Affects Versions: 1.10.1 > Reporter: Media Rest > Assignee: Ash Berlin-Taylor > Priority: Critical > > In the DAGs page, there is a XSS issue in the search parameter. The input is > reflected from the search parameter back to the user. -- This message was sent by Atlassian JIRA (v7.6.3#76005)