guan404ming commented on code in PR #54166:
URL: https://github.com/apache/airflow/pull/54166#discussion_r2264785493


##########
providers/standard/src/airflow/providers/standard/example_dags/example_hitl_operator.py:
##########
@@ -125,10 +125,11 @@ def notify(self, context: Context) -> None:
         task_id="valid_input_and_options",
         subject="Are the following input and options valid?",
         body="""
-        Input: {{ 
ti.xcom_pull(task_ids='wait_for_input')["params_input"]["information"] }}
-        Option: {{ ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] 
}}
-        Multiple Options: {{ 
ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
-        Timeout Option: {{ 
ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
+**Collected Information**
+- Input: {{ 
ti.xcom_pull(task_ids='wait_for_input')["params_input"]["information"] }}
+- Option: {{ ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
+- Multiple Options: {{ 
ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
+- Timeout Option: {{ 
ti.xcom_pull(task_ids='wait_for_option')["chosen_options"] }}
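
Review bot: The `- Input:` line interpolates `ti.xcom_pull(task_ids='wait_for_input')["params_input"]["information"]` straight into the body. That value is free-form text entered by a user in the earlier task. With the new `**Collected Information**` heading and `- ` list markers, the body reads as Markdown, so any markup characters in the pulled value would be interpreted as part of the rendered message instead of being shown literally. Escape or filter the value before it reaches the template, or render it as a literal, and note in the example that XCom values from HITL tasks are untrusted. Separately, the `Option`, `Multiple Options` and `Timeout Option` lines all pull `wait_for_option`'s `chosen_options`, so the three items will always show the same value. If distinct upstream tasks were intended, each line should reference its own `task_ids`.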

Review Comment:
   Yes, they are Jinja templated and I also agree that user input is definitely 
not safe. I think I could try to figure out how to sanitize them to keep them safe 
here. Would you prefer I open another PR dedicated to this or just do it here? 
Also, thanks for letting me know about your concern clearly and for all the discussion.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
