[
https://issues.apache.org/jira/browse/ATLAS-5211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18059651#comment-18059651
]
Prasad P. Pawar commented on ATLAS-5211:
----------------------------------------
Hi,
The fix for this ticket is provided in ATLAS-5212
> ATLAS UI: Improve HTML sanitization and data handling in dashboard and dashboardv2
> ----------------------------------------------------------------------------------
>
> Key: ATLAS-5211
> URL: https://issues.apache.org/jira/browse/ATLAS-5211
> Project: Atlas
> Issue Type: Task
> Components: atlas-webui
> Affects Versions: 3.0.0
> Reporter: Prasad P. Pawar
> Assignee: Prasad P. Pawar
> Priority: Major
> Labels: Atlas-UI
>
> Improve how user and API data are rendered in the Atlas UI. Several
> components were using raw HTML injection or string concatenation without
> proper sanitization or escaping. This work adds consistent sanitization and
> escaping so that user-supplied content is rendered safely.
> Changes:
> - HtmlRenderer: Sanitize HTML before using dangerouslySetInnerHTML
> - ShowMoreText: Sanitize content when isHtml=true
> - commonComponents: Escape string values before concatenation into HTML
> - Utils: Add escapeHtml helper; correct allowedSchemesByTag configuration
> - CommonViewFunction (dashboardv2): Escape id and value before rendering in .html()
> - Header (dashboardv2): Use .text() instead of .html() for userName
> | File | Change |
> | --- | --- |
> | `dashboard/src/components/HtmlRenderer.tsx` | Sanitize HTML before render |
> | `dashboard/src/components/ShowMore/ShowMoreText.tsx` | Sanitize when isHtml=true |
> | `dashboard/src/utils/Utils.ts` | Add escapeHtml; fix allowedSchemesByTag |
> | `dashboard/src/components/commonComponents.tsx` | Use escapeHtml for string values |
> | `dashboardv2/public/js/utils/CommonViewFunction.js` | Use _.escape for id and value |
> | `dashboardv2/public/js/views/site/Header.js` | Use .text() instead of .html() for userName |
> Internal Files Affected:
> - HtmlRenderer.tsx, ShowMoreText.tsx, commonComponents.tsx, Utils.ts (dashboard)
> - CommonViewFunction.js, Header.js (dashboardv2)
> Impact on Internal Files:
> - sanitizeHtmlContent and escapeHtml from Utils.ts are consumed by HtmlRenderer, ShowMoreText, commonComponents, DetailPageAttributes, ClassificationForm, BusinessMetadataTab.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
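As an added illustration (not code from the Atlas project or from the ATLAS-5212 patch), a dependency-free sketch of two of the ideas the issue description lists: an escapeHtml helper applied to id and value before they are concatenated into markup, and a per-tag URL scheme allowlist in the shape of an allowedSchemesByTag setting. The helper names, the allowlist contents and the sample values are assumptions.

```javascript
// Characters that can change HTML structure or break out of an attribute
// value, mapped to their entity replacements.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value so it can be concatenated into markup as inert text.
// Non-strings are coerced first, so ids and numbers are safe to pass in.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed allowlist in the shape of a per-tag allowedSchemesByTag setting:
// which URL schemes an attribute on each tag may use. Tags not listed get
// no schemes at all, so only relative URLs pass for them.
const allowedSchemesByTag = {
  a: ['http', 'https', 'mailto'],
  img: ['http', 'https'],
};

// True when url is relative or its scheme is allowed for the tag.
// Control and whitespace characters are stripped before the check because
// browsers ignore them when parsing a scheme, so "java\nscript:" would
// otherwise slip past a naive prefix match.
function isAllowedUrl(tag, url) {
  const cleaned = String(url).replace(/[\u0000-\u0020]/g, '');
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (!match) return true; // no scheme present: relative URL
  const allowed = allowedSchemesByTag[tag] || [];
  return allowed.includes(match[1].toLowerCase());
}

// Build a label the way the description says CommonViewFunction now does:
// both the id and the displayed value are escaped before entering markup.
function renderLabel(id, value) {
  return '<span id="' + escapeHtml(id) + '">' + escapeHtml(value) + '</span>';
}

// Constructed sample values standing in for user-supplied entity attributes.
const sampleId = 'owner"x';
const sampleValue = '<script>alert(1)</script> & co';

// Renders the constructed sample; the tags arrive in the output as text.
function demo() {
  return renderLabel(sampleId, sampleValue);
}
```

Calling demo() returns the span with the script tag and quote rendered as entities, while isAllowedUrl('a', 'javascript:alert(1)') returns false and isAllowedUrl('a', '/entities/123') returns true.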