[ https://issues.apache.org/jira/browse/AIRFLOW-3768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16794358#comment-16794358 ]
ASF subversion and git services commented on AIRFLOW-3768: ---------------------------------------------------------- Commit 73280e489c8a766264f2dd9225c3c899f31be758 in airflow's branch refs/heads/v1-10-stable from Ash Berlin-Taylor [ https://gitbox.apache.org/repos/asf?p=airflow.git;h=73280e4 ] [AIRFLOW-3768] Escape search parameter in pagination controls (#4911) The "minidom" we were using from lxml didn't cope with the > etc entities (because it is an XML parser, not an HTML parser): rather than special casing each one I have instead swapped out lxml-based parser for BeautifulSoup which 1) handles these, and 2) is pure-python so is easier to install :) > XSS Vulnerability in Search Query Parameter > ------------------------------------------- > > Key: AIRFLOW-3768 > URL: https://issues.apache.org/jira/browse/AIRFLOW-3768 > Project: Apache Airflow > Issue Type: Bug > Components: security > Affects Versions: 1.10.1 > Reporter: Media Rest > Assignee: Ash Berlin-Taylor > Priority: Critical > Fix For: 1.10.3 > > > In the DAGs page, there is a XSS issue in the search parameter. The input is > reflected from the search parameter back to the user. -- This message was sent by Atlassian JIRA (v7.6.3#76005)