This is an automated email from the ASF dual-hosted git repository.
derrickaw pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git
The following commit(s) were added to refs/heads/master by this push:
new 597f92530f1 address DOM text reinterpreted as HTML alert (#38949)
597f92530f1 is described below
commit 597f92530f17b78b3410b5a5f817daf93139ac6d
Author: Derrick Williams <[email protected]>
AuthorDate: Wed Jun 17 10:22:37 2026 -0400
address DOM text reinterpreted as HTML alert (#38949)
* address DOM text reinterpreted as HTML alert
* address gemini comments
* fix a few more gemini comments
* address more gemini
* address gemini
---
website/www/site/assets/js/bootstrap.js | 46 ++++++++++++++++++++----
website/www/site/assets/js/bootstrap/alert.js | 7 +++-
website/www/site/assets/js/bootstrap/carousel.js | 9 ++++-
website/www/site/assets/js/bootstrap/collapse.js | 6 +++-
website/www/site/assets/js/bootstrap/dropdown.js | 7 +++-
website/www/site/assets/js/bootstrap/modal.js | 8 ++++-
website/www/site/assets/js/bootstrap/tooltip.js | 9 ++++-
7 files changed, 80 insertions(+), 12 deletions(-)
diff --git a/website/www/site/assets/js/bootstrap.js
b/website/www/site/assets/js/bootstrap.js
index 01fbbcbaa9f..a10c907ab81 100755
--- a/website/www/site/assets/js/bootstrap.js
+++ b/website/www/site/assets/js/bootstrap.js
@@ -109,7 +109,12 @@ if (typeof jQuery === 'undefined') {
selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') // strip
for ie7
}
- var $parent = $(selector)
+ var $parent
+ try {
+ $parent = selector ? $(document).find(selector) : $()
+ } catch (e) {
+ $parent = $()
+ }
if (e) e.preventDefault()
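Review bot: The new `catch (e)` reuses the name that the very next line reads as what appears to be the event argument, `if (e) e.preventDefault()`. The catch binding is scoped to its own block, so behaviour is unaffected, but the reuse is easy to misread; `} catch (err) {` would remove the ambiguity. The empty catch also hides why the lookup changed, so a comment above the `try` such as `// .find() treats the attribute strictly as a selector; $(selector) would parse a leading '<' as markup` would help stop a later Bootstrap re-sync from reverting it. The same applies to the carousel and modal click handlers in this file and to the matching hunks in alert.js, carousel.js and modal.js. The enclosing function starts and ends outside the hunk.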
@@ -502,7 +507,14 @@ if (typeof jQuery === 'undefined') {
var clickHandler = function (e) {
var href
var $this = $(this)
- var $target = $($this.attr('data-target') || (href = $this.attr('href'))
&& href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7
+ var selector = $this.attr('data-target') || (href = $this.attr('href')) &&
href.replace(/.*(?=#[^\s]+$)/, '') // strip for ie7
+ var $target
+ try {
+ $target = selector ? $(document).find(selector) : $()
+ } catch (e) {
+ $target = $()
+ }
+
if (!$target.hasClass('carousel')) return
var options = $.extend({}, $target.data(), $this.data())
var slideIndex = $this.attr('data-slide-to')
@@ -691,7 +703,11 @@ if (typeof jQuery === 'undefined') {
var target = $trigger.attr('data-target')
|| (href = $trigger.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')
// strip for ie7
- return $(target)
+ try {
+ return target ? $(document).find(target) : $()
+ } catch (e) {
+ return $()
+ }
}
@@ -773,7 +789,12 @@ if (typeof jQuery === 'undefined') {
selector = selector && /#[A-Za-z]/.test(selector) &&
selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
}
- var $parent = selector && $(selector)
+ var $parent
+ try {
+ $parent = selector && $(document).find(selector)
+ } catch (e) {
+ $parent = $()
+ }
return $parent && $parent.length ? $parent : $this.parent()
}
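Review bot: This hunk assigns `selector && $(document).find(selector)`, so `$parent` can end up holding a falsy non-jQuery value, whereas the other patched lookups use a ternary that always yields a jQuery object. The `$parent && $parent.length` check on the return line copes with that, but the same form would keep every patched site uniform: `$parent = selector ? $(document).find(selector) : $()`. The identical line appears in the dropdown.js hunk. The function begins before the hunk.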
@@ -1230,7 +1251,13 @@ if (typeof jQuery === 'undefined') {
$(document).on('click.bs.modal.data-api', '[data-toggle="modal"]', function
(e) {
var $this = $(this)
var href = $this.attr('href')
- var $target = $($this.attr('data-target') || (href &&
href.replace(/.*(?=#[^\s]+$)/, ''))) // strip for ie7
+ var selector = $this.attr('data-target') || (href &&
href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7
+ var $target
+ try {
+ $target = selector ? $(document).find(selector) : $()
+ } catch (e) {
+ $target = $()
+ }
var option = $target.data('bs.modal') ? 'toggle' : $.extend({ remote:
!/#/.test(href) && href }, $target.data(), $this.data())
if ($this.is('a')) e.preventDefault()
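Review bot: The context line after the new lookup still builds `remote` from `href` whenever the href contains no `#`, and this commit leaves that path as it was. What the modal does with `remote` is outside this hunk; if it fetches that URL and inserts the response into the dialog, that is a second route from attribute text to markup which the selector hardening does not cover. It is worth confirming whether any page on the site relies on remote modals, and removing or restricting the option if none does. The same context appears in the modal.js hunk.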
@@ -1550,11 +1577,18 @@ if (typeof jQuery === 'undefined') {
.css(isVertical ? 'top' : 'left', '')
}
+ function sanitizeHtml(string) {
+ if (typeof DOMPurify !== 'undefined' && typeof string === 'string') {
+ return DOMPurify.sanitize(string)
+ }
+ return string
+ }
+
Tooltip.prototype.setContent = function () {
var $tip = this.tip()
var title = this.getTitle()
- $tip.find('.tooltip-inner')[this.options.html ? 'html' : 'text'](title)
+ $tip.find('.tooltip-inner')[this.options.html ? 'html' :
'text'](this.options.html ? sanitizeHtml(title) : title)
$tip.removeClass('fade in top bottom left right')
}
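Review bot: `sanitizeHtml` returns its input unchanged when `DOMPurify` is not defined, and `setContent` still passes that value to `.html()`, so the protection silently disappears on any page that does not load DOMPurify (this diff does not show it being added to the site's scripts). Failing closed is safer: compute `var asHtml = this.options.html && typeof DOMPurify !== 'undefined'` and call `$tip.find('.tooltip-inner')[asHtml ? 'html' : 'text'](asHtml ? sanitizeHtml(title) : title)`. Non-string titles also skip the sanitizer, so a one-line comment on `sanitizeHtml` saying whether that is intended would help. The identical change in tooltip.js has the same gap.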
diff --git a/website/www/site/assets/js/bootstrap/alert.js
b/website/www/site/assets/js/bootstrap/alert.js
index 5536755df91..28eca46229e 100755
--- a/website/www/site/assets/js/bootstrap/alert.js
+++ b/website/www/site/assets/js/bootstrap/alert.js
@@ -31,7 +31,12 @@
selector = selector && selector.replace(/.*(?=#[^\s]*$)/, '') // strip
for ie7
}
- var $parent = $(selector)
+ var $parent
+ try {
+ $parent = selector ? $(document).find(selector) : $()
+ } catch (e) {
+ $parent = $()
+ }
if (e) e.preventDefault()
diff --git a/website/www/site/assets/js/bootstrap/carousel.js
b/website/www/site/assets/js/bootstrap/carousel.js
index 6cdbc79ce1c..848c7d8986f 100755
--- a/website/www/site/assets/js/bootstrap/carousel.js
+++ b/website/www/site/assets/js/bootstrap/carousel.js
@@ -208,7 +208,14 @@
var clickHandler = function (e) {
var href
var $this = $(this)
- var $target = $($this.attr('data-target') || (href = $this.attr('href'))
&& href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7
+ var selector = $this.attr('data-target') || (href = $this.attr('href')) &&
href.replace(/.*(?=#[^\s]+$)/, '') // strip for ie7
+ var $target
+ try {
+ $target = selector ? $(document).find(selector) : $()
+ } catch (e) {
+ $target = $()
+ }
+
if (!$target.hasClass('carousel')) return
var options = $.extend({}, $target.data(), $this.data())
var slideIndex = $this.attr('data-slide-to')
diff --git a/website/www/site/assets/js/bootstrap/collapse.js
b/website/www/site/assets/js/bootstrap/collapse.js
index 9e26465d905..79f95377093 100755
--- a/website/www/site/assets/js/bootstrap/collapse.js
+++ b/website/www/site/assets/js/bootstrap/collapse.js
@@ -159,7 +159,11 @@
var target = $trigger.attr('data-target')
|| (href = $trigger.attr('href')) && href.replace(/.*(?=#[^\s]+$)/, '')
// strip for ie7
- return $(target)
+ try {
+ return target ? $(document).find(target) : $()
+ } catch (e) {
+ return $()
+ }
}
diff --git a/website/www/site/assets/js/bootstrap/dropdown.js
b/website/www/site/assets/js/bootstrap/dropdown.js
index df6be86940d..f89eea7419b 100755
--- a/website/www/site/assets/js/bootstrap/dropdown.js
+++ b/website/www/site/assets/js/bootstrap/dropdown.js
@@ -29,7 +29,12 @@
selector = selector && /#[A-Za-z]/.test(selector) &&
selector.replace(/.*(?=#[^\s]*$)/, '') // strip for ie7
}
- var $parent = selector && $(selector)
+ var $parent
+ try {
+ $parent = selector && $(document).find(selector)
+ } catch (e) {
+ $parent = $()
+ }
return $parent && $parent.length ? $parent : $this.parent()
}
diff --git a/website/www/site/assets/js/bootstrap/modal.js
b/website/www/site/assets/js/bootstrap/modal.js
index 5049cccf369..bc30367f74d 100755
--- a/website/www/site/assets/js/bootstrap/modal.js
+++ b/website/www/site/assets/js/bootstrap/modal.js
@@ -320,7 +320,13 @@
$(document).on('click.bs.modal.data-api', '[data-toggle="modal"]', function
(e) {
var $this = $(this)
var href = $this.attr('href')
- var $target = $($this.attr('data-target') || (href &&
href.replace(/.*(?=#[^\s]+$)/, ''))) // strip for ie7
+ var selector = $this.attr('data-target') || (href &&
href.replace(/.*(?=#[^\s]+$)/, '')) // strip for ie7
+ var $target
+ try {
+ $target = selector ? $(document).find(selector) : $()
+ } catch (e) {
+ $target = $()
+ }
var option = $target.data('bs.modal') ? 'toggle' : $.extend({ remote:
!/#/.test(href) && href }, $target.data(), $this.data())
if ($this.is('a')) e.preventDefault()
diff --git a/website/www/site/assets/js/bootstrap/tooltip.js
b/website/www/site/assets/js/bootstrap/tooltip.js
index 7094b34dce7..59e9490cc61 100755
--- a/website/www/site/assets/js/bootstrap/tooltip.js
+++ b/website/www/site/assets/js/bootstrap/tooltip.js
@@ -302,11 +302,18 @@
.css(isVertical ? 'top' : 'left', '')
}
+ function sanitizeHtml(string) {
+ if (typeof DOMPurify !== 'undefined' && typeof string === 'string') {
+ return DOMPurify.sanitize(string)
+ }
+ return string
+ }
+
Tooltip.prototype.setContent = function () {
var $tip = this.tip()
var title = this.getTitle()
- $tip.find('.tooltip-inner')[this.options.html ? 'html' : 'text'](title)
+ $tip.find('.tooltip-inner')[this.options.html ? 'html' :
'text'](this.options.html ? sanitizeHtml(title) : title)
$tip.removeClass('fade in top bottom left right')
}