This is an automated email from the ASF dual-hosted git repository.

jongyoul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git


The following commit(s) were added to refs/heads/master by this push:
     new 25b6001148 [HOTFIX] Escaping vulnerable text  when modal opens (#4795)
25b6001148 is described below

commit 25b6001148d910cd5d0b058e2bd3b5e184afde4c
Author: heerim <devhee...@gmail.com>
AuthorDate: Sun Aug 18 17:41:28 2024 +0900

    [HOTFIX] Escaping vulnerable text  when modal opens (#4795)
---
 zeppelin-web/src/app/helium/helium.controller.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/zeppelin-web/src/app/helium/helium.controller.js 
b/zeppelin-web/src/app/helium/helium.controller.js
index 2717c87f2a..e8a0eafa7f 100644
--- a/zeppelin-web/src/app/helium/helium.controller.js
+++ b/zeppelin-web/src/app/helium/helium.controller.js
@@ -240,10 +240,10 @@ export default function HeliumCtrl($scope, $rootScope, 
$sce,
           `<div style="color:gray">${getHeliumTypeText(type)}</div>` +
           '<hr style="margin-top: 10px; margin-bottom: 10px;" />' +
           '<div style="font-size: 14px;">Description</div>' +
-          `<div style="color:gray">${description}</div>` +
+          `<div style="color:gray">${_.escape(description)}</div>` +
           '<hr style="margin-top: 10px; margin-bottom: 10px;" />' +
           '<div style="font-size: 14px;">License</div>' +
-          `<div style="color:gray">${license}</div>`,
+          `<div style="color:gray">${_.escape(license)}</div>`,
         callback: function(result) {
           if (result) {
             confirm.$modalFooter.find('button').addClass('disabled');
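Review bot: The interpolation `${getHeliumTypeText(type)}` on the first context line of this hunk still goes into the dialog markup unescaped. The message string also begins above the hunk, so any other package fields concatenated there are not covered by this change either. If `type` or those fields come from Helium package metadata rather than fixed labels, they need the same treatment, e.g. `${_.escape(getHeliumTypeText(type))}`. A short comment above the template, such as `// package metadata is untrusted: escape every interpolated field`, would keep later additions consistent. The enclosing function starts and ends outside the hunk, so the earlier part of the message could not be checked here.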
