[incubator-livy] branch branch-0.7 updated: Add html escape to session name

Wed, 03 Feb 2021 17:47:25 -0800 

This is an automated email from the ASF dual-hosted git repository.

jshao pushed a commit to branch branch-0.7
in repository https://gitbox.apache.org/repos/asf/incubator-livy.git


The following commit(s) were added to refs/heads/branch-0.7 by this push:
     new 9f1ba47  Add html escape to session name
9f1ba47 is described below

commit 9f1ba47a2f0d8accc435b133b42c3a76aa9ac846
Author: Marco Gaido <[email protected]>
AuthorDate: Fri Aug 14 17:25:54 2020 -0700

    Add html escape to session name
    
    ## What changes were proposed in this pull request?
    
    The PR adds HTML escaping to session names.
    
    ## How was this patch tested?
    
    Manual test.
    
    Author: Marco Gaido <[email protected]>
    
    Closes #302 from mgaido91/escape_html.
---
 .../org/apache/livy/server/ui/static/js/all-sessions.js        | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git 
a/server/src/main/resources/org/apache/livy/server/ui/static/js/all-sessions.js 
b/server/src/main/resources/org/apache/livy/server/ui/static/js/all-sessions.js
index 6e35702..d8a84a7 100644
--- 
a/server/src/main/resources/org/apache/livy/server/ui/static/js/all-sessions.js
+++ 
b/server/src/main/resources/org/apache/livy/server/ui/static/js/all-sessions.js
@@ -15,13 +15,17 @@
  * limitations under the License.
  */
 
+function escapeHtml(unescapedText) {
+  return $("<div>").text(unescapedText).html()
+}
+
 function loadSessionsTable(sessions) {
   $.each(sessions, function(index, session) {
     $("#interactive-sessions .sessions-table-body").append(
       "<tr>" +
         tdWrap(uiLink("session/" + session.id, session.id)) +
         tdWrap(appIdLink(session)) +
-        tdWrap(session.name) +
+        tdWrap(escapeHtml(session.name)) +
         tdWrap(session.owner) +
         tdWrap(session.proxyUser) +
         tdWrap(session.kind) +
@@ -38,7 +42,7 @@ function loadBatchesTable(sessions) {
       "<tr>" +
         tdWrap(session.id) +
         tdWrap(appIdLink(session)) +
-        tdWrap(session.name) +
+        tdWrap(escapeHtml(session.name)) +
         tdWrap(session.owner) +
         tdWrap(session.proxyUser) +
         tdWrap(session.state) +
@@ -79,4 +83,4 @@ $(document).ready(function () {
       $("#all-sessions").append('<h4>No Sessions or Batches have been created 
yet.</h4>');
     }
   });
-});
\ No newline at end of file
+});

Reply via email to