[ https://issues.apache.org/jira/browse/AIRFLOW-6351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17083695#comment-17083695 ]

ASF subversion and git services commented on AIRFLOW-6351:
----------------------------------------------------------

Commit afa4b11fddfdbadb048f742cf66d5c21c675a5c8 in airflow's branch 
refs/heads/v1-10-test from tooptoop4
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=afa4b11 ]

[AIRFLOW-6351] security - ui - Add Cross Site Scripting defence (#6913)


> security - ui - Add Cross Site Scripting defence
> ------------------------------------------------
>
>                 Key: AIRFLOW-6351
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-6351
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: ui
>    Affects Versions: 1.10.6, 1.10.7
>            Reporter: t oo
>            Assignee: t oo
>            Priority: Major
>             Fix For: 1.10.11
>
>
> *escape search -->*
>  
> *BEFORE*
> return self.render(
>     'airflow/dags.html',
>     webserver_dags=webserver_dags_filtered,
>     orm_dags=orm_dags,
>     hide_paused=hide_paused,
>     current_page=current_page,
>     search_query=arg_search_query if arg_search_query else '',
>     page_size=dags_per_page,
>     num_of_pages=num_of_pages,
>     num_dag_from=start + 1,
>     num_dag_to=min(end, num_of_all_dags),
>     num_of_all_dags=num_of_all_dags,
>     paging=wwwutils.generate_pages(current_page, num_of_pages,
>                                    search=arg_search_query,  # highlighted in the issue: line changed by the fix
>                                    showPaused=not hide_paused),
>     dag_ids_in_page=page_dag_ids,
>     auto_complete_data=auto_complete_data)
>  
> *AFTER*
> return self.render(
>     'airflow/dags.html',
>     webserver_dags=webserver_dags_filtered,
>     orm_dags=orm_dags,
>     hide_paused=hide_paused,
>     current_page=current_page,
>     search_query=arg_search_query if arg_search_query else '',
>     page_size=dags_per_page,
>     num_of_pages=num_of_pages,
>     num_dag_from=start + 1,
>     num_dag_to=min(end, num_of_all_dags),
>     num_of_all_dags=num_of_all_dags,
>     paging=wwwutils.generate_pages(current_page, num_of_pages,
>                                    search=escape(arg_search_query) if arg_search_query else None,  # highlighted in the issue: the fix
>                                    showPaused=not hide_paused),
>     dag_ids_in_page=page_dag_ids,
>     auto_complete_data=auto_complete_data)
>  
> [https://github.com/apache/airflow/blob/v1-10-stable/airflow/www/views.py#L2278]
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
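
Why the paging argument needs escaping even though search_query does not change, as an added example that is not part of the original message or of Airflow's code: a helper that returns ready-made HTML is outside the template's auto-escaping, so the caller has to neutralise the request parameter first. `render_paging` is a hypothetical stand-in for `wwwutils.generate_pages`, `html.escape` stands in for the commit's `escape` (its import is not shown above), and the sample input is constructed.

```python
from html import escape  # stdlib stand-in (assumption); the commit's import is not shown


def render_paging(current_page, num_of_pages, search=None, showPaused=True):
    """Hypothetical pager that builds anchor tags by string formatting.

    Its return value is finished HTML, so nothing downstream escapes it.
    """
    links = []
    for page in range(num_of_pages):
        params = ["page={}".format(page)]
        if search:
            params.append("search={}".format(search))
        params.append("showPaused={}".format(showPaused))
        css = ' class="active"' if page == current_page else ""
        links.append('<li{}><a href="?{}">{}</a></li>'.format(
            css, "&".join(params), page + 1))
    return "<ul>{}</ul>".format("".join(links))


def paging_before(arg_search_query):
    # BEFORE: the raw request parameter reaches the HTML builder.
    return render_paging(0, 2, search=arg_search_query, showPaused=True)


def paging_after(arg_search_query):
    # AFTER: same argument expression as the fix quoted above.
    return render_paging(
        0, 2,
        search=escape(arg_search_query) if arg_search_query else None,
        showPaused=True)


# Constructed sample input: a search value that closes the href attribute.
SAMPLE = '"><script>alert(1)</script>'

if __name__ == "__main__":
    print("before:", paging_before(SAMPLE))  # raw <script> lands in the page
    print("after: ", paging_after(SAMPLE))   # markup arrives as inert entities
    print("empty: ", paging_after(""))       # no search parameter emitted
```
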
