Posted to commits@zeppelin.apache.org by pr...@apache.org on 2018/03/24 05:20:12 UTC

zeppelin git commit: [minor] Escape string before insertion it into HTML

Repository: zeppelin
Updated Branches:
  refs/heads/master 3eea57ab2 -> 645037b36


[minor] Escape string before insertion it into HTML

In the current implementation some strings are passed to the frontend unescaped via BootstrapDialog, which renders them as HTML; this PR HTML-escapes those strings with `_.escape` before insertion so they are displayed as text rather than interpreted as markup.

[Improvement]

* Does the licenses files need update?
* Is there breaking changes for older versions?
* Does this needs documentation?

Author: Prabhjyot Singh <pr...@gmail.com>

Closes #2888 from prabhjyotsingh/applyEscapeBootstrapDialog and squashes the following commits:

757cfff91 [Prabhjyot Singh] apply _.Escape to BootstrapDialog

Change-Id: Icabd5e5713591929cb4ff9a41036f06ca99b6db8


Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/645037b3
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/645037b3
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/645037b3

Branch: refs/heads/master
Commit: 645037b367fd3249ea000392a3237313a83f3506
Parents: 3eea57a
Author: Prabhjyot Singh <pr...@gmail.com>
Authored: Thu Mar 22 14:45:09 2018 +0530
Committer: Prabhjyot Singh <pr...@gmail.com>
Committed: Sat Mar 24 10:50:00 2018 +0530

----------------------------------------------------------------------
 zeppelin-web/src/app/helium/helium.controller.js  | 12 ++++++------
 .../src/app/interpreter/interpreter.controller.js |  6 +++---
 .../src/app/jobmanager/job/job.component.js       |  2 +-
 .../src/app/notebook/notebook.controller.js       | 18 +++++++++++-------
 .../components/note-action/note-action.service.js |  2 +-
 .../websocket/websocket-event.factory.js          |  2 +-
 6 files changed, 23 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zeppelin/blob/645037b3/zeppelin-web/src/app/helium/helium.controller.js
----------------------------------------------------------------------
diff --git a/zeppelin-web/src/app/helium/helium.controller.js b/zeppelin-web/src/app/helium/helium.controller.js
index 4728e08..043a9ad 100644
--- a/zeppelin-web/src/app/helium/helium.controller.js
+++ b/zeppelin-web/src/app/helium/helium.controller.js
@@ -150,7 +150,7 @@ export default function HeliumCtrl($scope, $rootScope, $sce,
               console.log('Failed to save order');
               BootstrapDialog.show({
                 title: 'Error on saving order ',
-                message: data.message,
+                message: _.escape(data.message),
               });
             });
           return false;
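Review bot: The new `_.escape(data.message)` call depends on lodash/underscore's `_` being in scope, and this module's imports are outside the hunk; if `_` is only a page global rather than imported, the build's `no-undef` lint rule may flag it unless it is declared in the ESLint globals — confirm which it is. The transformation itself is the right one: both libraries' `_.escape` encode `&`, `<`, `>`, `"` and `'`, and BootstrapDialog inserts `message` as HTML, not text, so this is the correct escaping for that context. The error callback this line sits in begins outside the hunk.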
@@ -244,8 +244,8 @@ export default function HeliumCtrl($scope, $rootScope, $sce,
               confirm.close();
               console.log('Failed to enable package %o %o. %o', name, artifact, data);
               BootstrapDialog.show({
-                title: 'Error on enabling ' + name,
-                message: data.message,
+                title: 'Error on enabling ' + _.escape(name),
+                message: _.escape(data.message),
               });
             });
             return false;
@@ -261,7 +261,7 @@ export default function HeliumCtrl($scope, $rootScope, $sce,
       closeByBackdrop: false,
       closeByKeyboard: false,
       title: '<div style="font-weight: 300;">Do you want to disable Helium Package?</div>',
-      message: artifact,
+      message: _.escape(artifact),
       callback: function(result) {
         if (result) {
           confirm.$modalFooter.find('button').addClass('disabled');
@@ -276,8 +276,8 @@ export default function HeliumCtrl($scope, $rootScope, $sce,
             confirm.close();
             console.log('Failed to disable package %o. %o', name, data);
             BootstrapDialog.show({
-              title: 'Error on disabling ' + name,
-              message: data.message,
+              title: 'Error on disabling ' + _.escape(name),
+              message: _.escape(data.message),
             });
           });
           return false;

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/645037b3/zeppelin-web/src/app/interpreter/interpreter.controller.js
----------------------------------------------------------------------
diff --git a/zeppelin-web/src/app/interpreter/interpreter.controller.js b/zeppelin-web/src/app/interpreter/interpreter.controller.js
index d220dba..ef6b8a5 100644
--- a/zeppelin-web/src/app/interpreter/interpreter.controller.js
+++ b/zeppelin-web/src/app/interpreter/interpreter.controller.js
@@ -508,7 +508,7 @@ function InterpreterCtrl($rootScope, $scope, $http, baseUrlSrv, ngToast, $timeou
       BootstrapDialog.alert({
         closable: true,
         title: 'Add interpreter',
-        message: 'Name ' + $scope.newInterpreterSetting.name + ' already exists',
+        message: 'Name ' + _.escape($scope.newInterpreterSetting.name) + ' already exists',
       });
       return;
     }
@@ -747,7 +747,7 @@ function InterpreterCtrl($rootScope, $scope, $http, baseUrlSrv, ngToast, $timeou
   $scope.showErrorMessage = function(setting) {
     BootstrapDialog.show({
       title: 'Error downloading dependencies',
-      message: setting.errorReason,
+      message: _.escape(setting.errorReason),
     });
   };
 
@@ -775,7 +775,7 @@ function InterpreterCtrl($rootScope, $scope, $http, baseUrlSrv, ngToast, $timeou
           window.open(res.data.body.url, '_blank');
         } else {
           BootstrapDialog.alert({
-            message: res.data.body.message,
+            message: _.escape(res.data.body.message),
           });
         }
       }).catch(function(res) {
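Review bot: Only the non-success branch of the `then` handler is escaped; the `.catch(function(res)` handler that opens on the hunk's last line continues outside the hunk, and if it also surfaces a server-supplied message through BootstrapDialog it needs the same `_.escape` treatment — not visible here, so confirm. The `window.open(res.data.body.url, '_blank')` context line is pre-existing, but it hands a server-provided URL straight to `window.open`; if that URL can be influenced by untrusted input, an `http(s):` scheme check would be in the spirit of the hardening this commit does. The enclosing promise chain starts outside the hunk.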

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/645037b3/zeppelin-web/src/app/jobmanager/job/job.component.js
----------------------------------------------------------------------
diff --git a/zeppelin-web/src/app/jobmanager/job/job.component.js b/zeppelin-web/src/app/jobmanager/job/job.component.js
index e6f102f..982fa28 100644
--- a/zeppelin-web/src/app/jobmanager/job/job.component.js
+++ b/zeppelin-web/src/app/jobmanager/job/job.component.js
@@ -94,7 +94,7 @@ class JobController {
     BootstrapDialog.alert({
       closable: true,
       title: title,
-      message: errorMessage,
+      message: _.escape(errorMessage),
     });
   }
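Review bot: `title: title` on the line above the change is still passed to BootstrapDialog unescaped while only `errorMessage` gets `_.escape`; BootstrapDialog renders the title as HTML just as it does the message, so if `title` can carry user- or server-controlled text it needs `title: _.escape(title),` as well. The method's signature and the origin of `title` are outside the hunk, so it may be a static string — confirm before changing.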
 

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/645037b3/zeppelin-web/src/app/notebook/notebook.controller.js
----------------------------------------------------------------------
diff --git a/zeppelin-web/src/app/notebook/notebook.controller.js b/zeppelin-web/src/app/notebook/notebook.controller.js
index 4c9de9c..ba88e3f 100644
--- a/zeppelin-web/src/app/notebook/notebook.controller.js
+++ b/zeppelin-web/src/app/notebook/notebook.controller.js
@@ -1010,7 +1010,7 @@ function NotebookCtrl($scope, $route, $routeParams, $location, $rootScope,
       closeByBackdrop: false,
       closeByKeyboard: false,
       title: '',
-      message: 'Do you want to restart ' + interpreter.name + ' interpreter?',
+      message: 'Do you want to restart ' + _.escape(interpreter.name) + ' interpreter?',
       callback: function(result) {
         if (result) {
           let payload = {
@@ -1031,7 +1031,7 @@ function NotebookCtrl($scope, $route, $routeParams, $location, $rootScope,
               console.log('Error %o %o', status, data.message);
               BootstrapDialog.show({
                 title: 'Error restart interpreter.',
-                message: data.message,
+                message: _.escape(data.message),
               });
             });
           return false;
@@ -1050,7 +1050,7 @@ function NotebookCtrl($scope, $route, $routeParams, $location, $rootScope,
         closable: false,
         title: 'Setting Owners Permissions',
         message: 'Please fill the [Owners] field. If not, it will set as current user.\n\n' +
-          'Current user : [ ' + $rootScope.ticket.principal + ']',
+          'Current user : [ ' + _.escape($rootScope.ticket.principal) + ']',
         buttons: [
           {
             label: 'Set',
@@ -1083,9 +1083,13 @@ function NotebookCtrl($scope, $route, $routeParams, $location, $rootScope,
         BootstrapDialog.alert({
           closable: true,
           title: 'Permissions Saved Successfully',
-          message: 'Owners : ' + $scope.permissions.owners + '\n\n' + 'Readers : ' +
-           $scope.permissions.readers + '\n\n' + 'Runners : ' + $scope.permissions.runners +
-           '\n\n' + 'Writers  : ' + $scope.permissions.writers,
+          message: 'Owners : ' + _.escape($scope.permissions.owners)
+          + '\n\n' +
+          'Readers : ' + _.escape($scope.permissions.readers) +
+          '\n\n' +
+          'Runners : ' + _.escape($scope.permissions.runners) +
+          '\n\n' +
+          'Writers  : ' + _.escape($scope.permissions.writers),
         });
         $scope.showPermissions = false;
       });
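Review bot: The new concatenation is inconsistent about operator placement — the `+` sits at the start of the line after `_.escape($scope.permissions.owners)` but at line ends everywhere else, which `operator-linebreak`-style lint rules tend to flag and which makes the four fields hard to scan. Since the file already uses ES2015 (`let payload` in an earlier hunk), one template literal per field keeps each line self-contained. Separately, BootstrapDialog renders `message` as HTML (the reason escaping is needed at all), so the `\n\n` separators are unlikely to produce visible line breaks; that is pre-existing, but `<br>` between the four escaped fields would match the apparent intent.
```javascript
          message: `Owners : ${_.escape($scope.permissions.owners)}\n\n` +
            `Readers : ${_.escape($scope.permissions.readers)}\n\n` +
            `Runners : ${_.escape($scope.permissions.runners)}\n\n` +
            `Writers  : ${_.escape($scope.permissions.writers)}`,
```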
@@ -1097,7 +1101,7 @@ function NotebookCtrl($scope, $route, $routeParams, $location, $rootScope,
         closeByBackdrop: false,
         closeByKeyboard: false,
         title: 'Insufficient privileges',
-        message: data.message,
+        message: _.escape(data.message),
         buttons: [
           {
             label: 'Login',

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/645037b3/zeppelin-web/src/components/note-action/note-action.service.js
----------------------------------------------------------------------
diff --git a/zeppelin-web/src/components/note-action/note-action.service.js b/zeppelin-web/src/components/note-action/note-action.service.js
index d4bf6f0..83cb6df 100644
--- a/zeppelin-web/src/components/note-action/note-action.service.js
+++ b/zeppelin-web/src/components/note-action/note-action.service.js
@@ -139,7 +139,7 @@ function noteActionService(websocketMsgSrv, $location, noteRenameService, noteLi
             type: BootstrapDialog.TYPE_WARNING,
             closable: true,
             title: 'WARNING! The folder will be MERGED',
-            message: 'The folder will be merged into <strong>' + newFolderId + '</strong>. Are you sure?',
+            message: 'The folder will be merged into <strong>' + _.escape(newFolderId) + '</strong>. Are you sure?',
             callback: function(result) {
               if (result) {
                 websocketMsgSrv.renameFolder(folderId, newFolderId);

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/645037b3/zeppelin-web/src/components/websocket/websocket-event.factory.js
----------------------------------------------------------------------
diff --git a/zeppelin-web/src/components/websocket/websocket-event.factory.js b/zeppelin-web/src/components/websocket/websocket-event.factory.js
index 18c704d..ca33263 100644
--- a/zeppelin-web/src/components/websocket/websocket-event.factory.js
+++ b/zeppelin-web/src/components/websocket/websocket-event.factory.js
@@ -150,7 +150,7 @@ function WebsocketEventFactory($rootScope, $websocket, $location, baseUrlSrv) {
         closeByBackdrop: false,
         closeByKeyboard: false,
         title: 'Details',
-        message: data.info.toString(),
+        message: _.escape(data.info.toString()),
         buttons: [{
           // close all the dialogs when there are error on running all paragraphs
           label: 'Close',
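Review bot: `_.escape(data.info.toString())` still throws a TypeError when `data.info` is null or undefined, whereas `_.escape` already coerces its argument to a string (lodash and underscore both map null/undefined to `''` and stringify anything else), so `message: _.escape(data.info),` is shorter and tolerates a missing field. Whether `info` is guaranteed present isn't visible here — the handler this sits in starts outside the hunk — so treat this as a robustness nicety rather than a bug.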