[ 
https://issues.apache.org/jira/browse/ATLAS-5214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Prasad P. Pawar resolved ATLAS-5214.
------------------------------------
    Fix Version/s: 3.0.0
                   2.5.0
       Resolution: Fixed

> Atlas UI: Ensure user-controlled values are escaped before rendering |
> ----------------------------------------------------------------------
>
>                 Key: ATLAS-5214
>                 URL: https://issues.apache.org/jira/browse/ATLAS-5214
>             Project: Atlas
>          Issue Type: Task
>          Components: atlas-webui
>    Affects Versions: 3.0.0
>            Reporter: Prasad P. Pawar
>            Assignee: Prasad P. Pawar
>            Priority: Major
>              Labels: Atlas-UI
>             Fix For: 3.0.0, 2.5.0
>
>
> Review `generateQueryOfFilter` in CommonViewFunction.js to ensure all 
> user-controlled values are escaped before rendering in 
> `searchResult.html(searchString)`.
> Files:
> - dashboardv2/public/js/utils/CommonViewFunction.js
> - dashboardv2/public/js/views/search/SearchResultLayoutView.js (line 524)
> Current Status:
> - `generateQueryOfFilter` already uses `_.escape()` for obj.id, obj.operator, 
> obj.value, value.type, value.tag, value.term, value.query
> - **Action:** Verify coverage in code review; add escape for any remaining 
> user-controlled fields
> Verification:
> - [ ] Trace all inputs to generateQueryOfFilter
> - [ ] Confirm all user-controlled values are escaped
> - [ ] Manual test: search with special filter values



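The escaping discipline the issue asks reviewers to verify, shown as an added example that is not the Atlas project's code: a simplified filter-to-markup builder in the spirit of `generateQueryOfFilter`, where every user-controlled field (id, operator, value, and the nested type/tag/term/query sub-fields) passes through an escape function before the string is handed to `.html()`. The filter shape, the CSS class names and the `escapeHtml` helper (a stand-in for Underscore's `_.escape()`) are assumptions made for the example; the unsafe variant is included only so the audit helper has something to catch, which is the kind of coverage check the "Verify coverage in code review" action calls for.

```javascript
// Added example (not Atlas project code). Mirrors the approach described in
// ATLAS-5214: every user-controlled field of a filter object is HTML-escaped
// before the resulting markup string reaches jQuery's .html().

// Assumed stand-in for Underscore's _.escape(): escapes the same six characters.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;")
    .replace(/`/g, "&#x60;");
}

// Hypothetical simplified filter shape: { condition, rules: [{ id, operator, value }] }
// where value is either a scalar or an object with type/tag/term/query sub-fields.
// Hardened builder: every field that originates from the user is escaped.
function generateQueryOfFilter(filter) {
  const parts = filter.rules.map((rule) => {
    const v = rule.value;
    let valueHtml;
    if (v !== null && typeof v === "object") {
      // Nested value: the sub-fields are user-controlled too, so escape each one.
      valueHtml = ["type", "tag", "term", "query"]
        .filter((k) => v[k] !== undefined)
        .map((k) => `<i>${escapeHtml(k)}: ${escapeHtml(v[k])}</i>`)
        .join(" ");
    } else {
      valueHtml = escapeHtml(v);
    }
    return `<span class="key">${escapeHtml(rule.id)}</span> ` +
      `<span class="operator">${escapeHtml(rule.operator)}</span> ` +
      `<span class="value">${valueHtml}</span>`;
  });
  return parts.join(` <b>${escapeHtml(filter.condition)}</b> `);
}

// Unsafe builder (the pattern the issue wants reviewers to rule out): raw
// concatenation, so a value containing markup is rendered as markup.
function generateQueryOfFilterUnsafe(filter) {
  return filter.rules.map((rule) => {
    const v = rule.value;
    const valueHtml = (v !== null && typeof v === "object")
      ? Object.keys(v).map((k) => `<i>${k}: ${v[k]}</i>`).join(" ")
      : String(v);
    return `<span class="key">${rule.id}</span> ` +
      `<span class="operator">${rule.operator}</span> ` +
      `<span class="value">${valueHtml}</span>`;
  }).join(` <b>${filter.condition}</b> `);
}

// Audit helper: collects every string in the filter object and reports those
// that contain HTML-significant characters yet appear verbatim in the output.
// An empty result means no field escaped the escaping (a review/test check,
// not a substitute for escaping at render time).
function collectUserStrings(node, out = []) {
  if (node !== null && typeof node === "object") {
    Object.values(node).forEach((child) => collectUserStrings(child, out));
  } else if (typeof node === "string") {
    out.push(node);
  }
  return out;
}

function findUnescapedFields(filter, html) {
  return collectUserStrings(filter).filter(
    (s) => /[&<>"'`]/.test(s) && html.includes(s)
  );
}

// Constructed sample filter containing the characters an escape must handle.
const sampleFilter = {
  condition: "AND",
  rules: [
    { id: "name", operator: "=", value: "<b>Bob</b>" },
    { id: "owner", operator: "contains", value: { type: "user", query: 'alice" & <bob>' } },
  ],
};

const safeHtml = generateQueryOfFilter(sampleFilter);
const unsafeHtml = generateQueryOfFilterUnsafe(sampleFilter);
// findUnescapedFields(sampleFilter, safeHtml)   -> []
// findUnescapedFields(sampleFilter, unsafeHtml) -> ['<b>Bob</b>', 'alice" & <bob>']
```

In a code review of the real `generateQueryOfFilter`, the equivalent of `findUnescapedFields` is the trace of every input that ends up inside the returned string; any branch that interpolates a field without `_.escape()` is the finding.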
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
