You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spark.apache.org by do...@apache.org on 2022/06/17 16:37:07 UTC

[spark] branch master updated: [SPARK-39505][UI] Escape log content rendered in UI

This is an automated email from the ASF dual-hosted git repository.

dongjoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new 37dbf1cc99a [SPARK-39505][UI] Escape log content rendered in UI
37dbf1cc99a is described below

commit 37dbf1cc99ab888342d04b0bf41619ff597ddab9
Author: Sean Owen <sr...@gmail.com>
AuthorDate: Fri Jun 17 09:36:49 2022 -0700

    [SPARK-39505][UI] Escape log content rendered in UI
    
    ### What changes were proposed in this pull request?
    
    Escape log content rendered to the UI.
    
    ### Why are the changes needed?
    
    Log content may contain reserved characters or other code in the log and be misinterpreted in the UI as HTML.
    
    ### Does this PR introduce _any_ user-facing change?
    
    No
    
    ### How was this patch tested?
    
    Existing tests
    
    Closes #36902 from srowen/LogViewEscape.
    
    Authored-by: Sean Owen <sr...@gmail.com>
    Signed-off-by: Dongjoon Hyun <do...@apache.org>
---
 core/src/main/resources/org/apache/spark/ui/static/log-view.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/main/resources/org/apache/spark/ui/static/log-view.js b/core/src/main/resources/org/apache/spark/ui/static/log-view.js
index 2f416d8210e..92df087f4bd 100644
--- a/core/src/main/resources/org/apache/spark/ui/static/log-view.js
+++ b/core/src/main/resources/org/apache/spark/ui/static/log-view.js
@@ -85,7 +85,7 @@ function loadMore() {
       if (retStartByte == 0) {
         disableMoreButton();
       }
-      $("pre", ".log-content").prepend(cleanData);
+      $("pre", ".log-content").prepend(document.createTextNode(cleanData));
 
       curLogLength = curLogLength + (startByte - retStartByte);
       startByte = retStartByte;
@@ -115,7 +115,7 @@ function loadNew() {
             var retLogLength = dataInfo[2];
 
             var cleanData = data.substring(newlineIndex + 1);
-            $("pre", ".log-content").append(cleanData);
+            $("pre", ".log-content").append(document.createTextNode(cleanData));
 
             curLogLength = curLogLength + (retEndByte - retStartByte);
             endByte = retEndByte;


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@spark.apache.org
For additional commands, e-mail: commits-help@spark.apache.org