You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by ka...@apache.org on 2020/06/23 00:04:49 UTC
[airflow] 02/04: Fix json string escape in tree view (#8551)
This is an automated email from the ASF dual-hosted git repository.
kaxilnaik pushed a commit to branch v1-10-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit fc68cf881c1ebf5405c956fef320b60c0584f7d2
Author: QP Hou <qp...@scribd.com>
AuthorDate: Mon Apr 27 07:33:12 2020 -0700
Fix json string escape in tree view (#8551)
close #8523.
(cherry-picked from bcbd888)
---
airflow/www_rbac/views.py | 8 ++++++--
tests/www_rbac/test_views.py | 19 +++++++++++++++++++
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/airflow/www_rbac/views.py b/airflow/www_rbac/views.py
index be7a384..55a10e9 100644
--- a/airflow/www_rbac/views.py
+++ b/airflow/www_rbac/views.py
@@ -1524,6 +1524,11 @@ class Airflow(AirflowBaseView):
external_logs = conf.get('elasticsearch', 'frontend')
doc_md = wwwutils.wrapped_markdown(getattr(dag, 'doc_md', None), css_class='dag-doc')
+ # avoid spaces to reduce payload size
+ data = htmlsafe_json_dumps(data, separators=(',', ':'))
+ # escape slashes to avoid JSON parse error in JS
+ data = data.replace('\\', '\\\\')
+
return self.render_template(
'airflow/tree.html',
operators=sorted({op.task_type: op for op in dag.tasks}.values(),
@@ -1532,8 +1537,7 @@ class Airflow(AirflowBaseView):
form=form,
dag=dag,
doc_md=doc_md,
- # avoid spaces to reduce payload size
- data=htmlsafe_json_dumps(data, separators=(',', ':')),
+ data=data,
blur=blur, num_runs=num_runs,
show_external_logs=bool(external_logs))
diff --git a/tests/www_rbac/test_views.py b/tests/www_rbac/test_views.py
index 2824184..c668227 100644
--- a/tests/www_rbac/test_views.py
+++ b/tests/www_rbac/test_views.py
@@ -580,6 +580,25 @@ class TestAirflowBaseViews(TestBase):
mock_get_dag.assert_called_once_with('example_bash_operator')
self.check_content_in_response('example_bash_operator', resp)
+ @parameterized.expand([
+ ("hello\nworld", "hello\\\\nworld"),
+ ("hello'world", "hello\\\\u0027world"),
+ ("<script>", "\\\\u003cscript\\\\u003e"),
+ ])
+ def test_escape_in_tree_view(self, test_str, seralized_test_str):
+ dag = self.dagbag.dags['test_tree_view']
+ dag.create_dagrun(
+ run_id=self.run_id,
+ execution_date=self.EXAMPLE_DAG_DEFAULT_DATE,
+ start_date=timezone.utcnow(),
+ state=State.RUNNING,
+ conf={"abc": test_str},
+ )
+
+ url = 'tree?dag_id=test_tree_view'
+ resp = self.client.get(url, follow_redirects=True)
+ self.check_content_in_response('"conf":{{"abc":"{}"}}'.format(seralized_test_str), resp)
+
def test_dag_details_trigger_origin_tree_view(self):
dag = self.dagbag.dags['test_tree_view']
dag.create_dagrun(