HUE-7191 [notebook] Fix XSS from name and description fields when saving document

Review Request #11453 - Created Sept. 1, 2017 and discarded

Sai Chirravuri
hue
master
HUE-7191
hue
enricoberti, jgauthier, johan, ranade, romain

commit 345f63fe1862a82c117c694730ec7e687f01e455
Author: krish krish@cloudera.com
Date: Fri Sep 1 14:18:00 2017 -0700

HUE-7191 [notebook] Fix XSS from name and description fields when saving document

:100644 100644 62d0744... c73454a... M desktop/libs/notebook/src/notebook/templates/editor_components.mako

manual

Description From Last Updated
Why those? We should allow any char and make sure we escape properly in the backend, Romain Rigaux
  desktop/libs/notebook/src/notebook/api.py (Diff revision 1)

    Why those?

    We should allow any char and make sure we escape properly in the backend,

    1. Do you mean escape properly in the frontend?

    2. Yes wanted to say *frontend
  1. I still don't think that we should strip out characters in the names/descriptions as escaping the frontend is the proper way to fix that. This would also create weird behavior when users see some chars disappearing.

    Are there any other frontend places where we don't escape those?

Review request changed

Status: Discarded
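
The trade-off raised in the review, stripping characters on save versus escaping at the output sink, as an added example that is not code from this review request or from Hue. It uses the Python standard library rather than Hue's Mako templates; the stripped character set, the `render` sink and the sample name are assumptions, since the diff itself is not shown on this page.

```python
import html
import re
from html.parser import HTMLParser

# Assumed blacklist, for illustration only: the characters the discarded
# patch stripped are not shown on this page.
ASSUMED_STRIP_RE = re.compile(r"[<>&\"']")


def strip_on_save(value):
    """Input-stripping approach: alter what the user typed before storing it."""
    return ASSUMED_STRIP_RE.sub("", value)


def render(name, description, escape=True):
    """Hypothetical sink: name in element text, description in an attribute.
    escape=False reproduces raw interpolation of the stored value."""
    enc = (lambda s: html.escape(s, quote=True)) if escape else (lambda s: s)
    return '<div class="doc" title="%s"><span>%s</span></div>' % (
        enc(description), enc(name))


class _Collector(HTMLParser):
    """Records what an HTML parser actually sees in a rendered fragment."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text, self.attrs = [], [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.update(attrs)

    def handle_data(self, data):
        self.text.append(data)


def parse(fragment):
    """Return (start tags, visible text, attributes) found in fragment."""
    c = _Collector()
    c.feed(fragment)
    c.close()
    return c.tags, "".join(c.text), c.attrs


if __name__ == "__main__":
    name = 'Q3 <b>sales</b> & "costs"'        # constructed sample input
    print(strip_on_save(name))                # characters silently disappear
    print(parse(render(name, name)))          # only div/span; name intact
    print(parse(render(name, "x", escape=False))[0])  # user markup became a tag
```

With escaping at the sink the stored name round-trips unchanged and the parser sees only the template's own elements; stripping changes the stored value and still depends on the blacklist matching every output context.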
