Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/08/05 22:22:46 UTC

[GitHub] [airflow] mik-laj commented on a change in pull request #10162: Add Airflow UI site_title configuration option

mik-laj commented on a change in pull request #10162:
URL: https://github.com/apache/airflow/pull/10162#discussion_r466037021



##########
File path: tests/www/test_views.py
##########
@@ -1022,6 +1022,18 @@ def log_name(self):
             self.assertTrue(ctx['show_external_log_redirect'])
             self.assertEqual(ctx['external_log_name'], ExternalHandler.LOG_NAME)
 
+    def test_page_site_title(self):
+        with conf_vars({('webserver', 'site_title'): 'Site Title Test'}):
+            resp = self.client.get('home', follow_redirects=True)
+            self.check_content_in_response('Site Title Test', resp)
+
+    def test_page_site_title_xss_prevention(self):
+        xss_string = "<script>alert('Give me your credit card number')</script>"
+        with conf_vars({('webserver', 'site_title'): xss_string}):
+            resp = self.client.get('home', follow_redirects=True)
+            escaped_xss_string = "&lt;script&gt;alert(Give me your credit card number)&lt;/script&gt;"
+            self.check_content_in_response(escaped_xss_string, resp)
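
Review bot: In test_page_site_title_xss_prevention, escaped_xss_string is not the escaped form of xss_string: the single quotes around the alert argument are dropped rather than carried over in escaped form, so the assertion can only match if the rendered page removes quotes entirely. Derive the expected value from xss_string using the same escaping the template applies, so the two strings cannot drift apart. The test also asserts only that the escaped text is present, which would still pass if the raw xss_string were rendered elsewhere in the response, so it should additionally assert that the unescaped payload is absent.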

Review comment:
```suggestion
            self.check_content_in_response(escaped_xss_string, resp)
            self.check_content_not_in_response(xss_string, resp)
```



