This is an automated email from the ASF dual-hosted git repository. jedcunningham pushed a commit to branch v2-2-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 628aa1f99c865d97d0b1c7c76e630e43a7b8d319 Author: Jed Cunningham <66968678+jedcunning...@users.noreply.github.com> AuthorDate: Tue Feb 15 11:00:26 2022 -0700 Simplify trigger cancel button (#21591) Co-authored-by: Jed Cunningham <jedcunning...@apache.org> (cherry picked from commit 65297673a318660fba76797e50d0c06804dfcafc) --- airflow/www/templates/airflow/trigger.html | 2 +- tests/www/views/test_views_trigger_dag.py | 11 +++++------ 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/airflow/www/templates/airflow/trigger.html b/airflow/www/templates/airflow/trigger.html
index efc1650..2388d4e 100644
--- a/airflow/www/templates/airflow/trigger.html
+++ b/airflow/www/templates/airflow/trigger.html
@@ -63,7 +63,7 @@
 </label>
 </div>
 <button type="submit" class="btn btn-primary">Trigger</button>
- <button type="button" class="btn" onclick="location.href = '{{ origin }}'; return false">Cancel</button>
+ <a class="btn" href="{{ origin }}">Cancel</a>
 </form>
 {% endblock %}
diff --git a/tests/www/views/test_views_trigger_dag.py b/tests/www/views/test_views_trigger_dag.py
index f261438..2b43468 100644
--- a/tests/www/views/test_views_trigger_dag.py
+++ b/tests/www/views/test_views_trigger_dag.py
@@ -134,6 +134,10 @@ def test_trigger_dag_form(admin_client):
 ("http://google.com", "/home"),
 ("36539'%3balert(1)%2f%2f166", "/home"),
 (
+ '"><script>alert(99)</script><a href="',
+ ""><script>alert(99)</script><a href="",
+ ),
+ (
 "%2Ftree%3Fdag_id%3Dexample_bash_operator';alert(33)//",
 "/home",
 ),
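Review bot: In trigger.html the new `<a class="btn" href="{{ origin }}">` is only as safe as the server-side check that produces `origin`, and nothing in the template records that dependency. Template autoescaping (assuming it is enabled for this template) neutralises quotes and angle brackets inside the attribute, but it does not restrict the URL scheme or host, so a script-scheme or off-site value has to be rejected before rendering; the tests in this commit suggest the view falls back to `/home` for such input. I would add a template comment above the link, e.g. `{# origin must already be validated by the view; escaping here does not restrict scheme or host #}`. The enclosing form and block start outside this hunk.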
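Review bot: In the `-134,6 +134,10` hunk of test_views_trigger_dag.py, none of the visible cases exercises a non-http scheme, which is the input class that matters most now that `origin` is rendered into an `href`. The added case covers attribute breakout; I would add one next to it such as `("javascript:alert(1)", "/home"),`, assuming the view falls back to `/home` as it does for the other rejected values. The parametrize list starts and ends outside the hunk, so such a case may already exist. As rendered on this page the expected string of the new case equals the raw payload and is not valid Python, so the archive has probably decoded HTML entities; compare against the original commit before relying on this text.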
@@ -145,12 +149,7 @@ def test_trigger_dag_form_origin_url(admin_client, test_origin, expected_origin)
 test_dag_id = "example_bash_operator"
 resp = admin_client.get(f'trigger?dag_id={test_dag_id}&origin={test_origin}')
- check_content_in_response(
- '<button type="button" class="btn" onclick="location.href = \'{}\'; return false">'.format(
- expected_origin
- ),
- resp,
- )
+ check_content_in_response(f'<a class="btn" href="{expected_origin}">Cancel</a>', resp)
 @pytest.mark.parametrize(
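Review bot: In test_trigger_dag_form_origin_url the added `check_content_in_response(f'<a class="btn" href="{expected_origin}">Cancel</a>', resp)` interpolates `expected_origin` verbatim, so every parametrized expected value must be written in its rendered, HTML-escaped form, and that contract is implicit. A comment above the call would make it explicit, e.g. `# expected_origin is matched against the raw response body, so it must be the escaped form`. The check also only shows that the escaped link is present; it does not assert that the raw `test_origin` is absent from the rest of the page. If the template reflects `origin` in more than one place (not visible here), a negative assertion on the unescaped payload would strengthen the test.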