This is an automated email from the ASF dual-hosted git repository.

jongyoul pushed a commit to branch branch-0.11
in repository https://gitbox.apache.org/repos/asf/zeppelin.git


The following commit(s) were added to refs/heads/branch-0.11 by this push:
     new b8adb0afb7 [HOTFIX] Escaping vulnerable text  when modal opens (#4795)
b8adb0afb7 is described below

commit b8adb0afb7e56ce126ffb92fb7a2b359f2041087
Author: heerim <devhee...@gmail.com>
AuthorDate: Sun Aug 18 17:41:28 2024 +0900

    [HOTFIX] Escaping vulnerable text  when modal opens (#4795)
    
    (cherry picked from commit 25b6001148d910cd5d0b058e2bd3b5e184afde4c)
---
 zeppelin-web/src/app/helium/helium.controller.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/zeppelin-web/src/app/helium/helium.controller.js 
b/zeppelin-web/src/app/helium/helium.controller.js
index 8de38a0948..c130d96b72 100644
--- a/zeppelin-web/src/app/helium/helium.controller.js
+++ b/zeppelin-web/src/app/helium/helium.controller.js
@@ -240,10 +240,10 @@ export default function HeliumCtrl($scope, $rootScope, 
$sce,
           `<div style="color:gray">${getHeliumTypeText(type)}</div>` +
           '<hr style="margin-top: 10px; margin-bottom: 10px;" />' +
           '<div style="font-size: 14px;">Description</div>' +
-          `<div style="color:gray">${description}</div>` +
+          `<div style="color:gray">${_.escape(description)}</div>` +
           '<hr style="margin-top: 10px; margin-bottom: 10px;" />' +
           '<div style="font-size: 14px;">License</div>' +
-          `<div style="color:gray">${license}</div>`,
+          `<div style="color:gray">${_.escape(license)}</div>`,
         callback: function(result) {
           if (result) {
             confirm.$modalFooter.find('button').addClass('disabled');
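Review bot: The `${getHeliumTypeText(type)}` interpolation on the first context line of this hunk still goes into the dialog markup unescaped, while `description` and `license` right below it now pass through `_.escape`. The helper's body is not visible here; if it can return any part of the package's `type` value verbatim, it needs the same treatment, `${_.escape(getHeliumTypeText(type))}`, unless it deliberately returns markup. The template string starts above the hunk, so any other package-metadata fields interpolated earlier in it should be checked the same way. A one-line comment above the template, such as `// Helium package metadata is untrusted: escape every interpolated field`, would keep later additions consistent.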
