superset-commits mailing list archives

From maximebeauche...@apache.org
Subject [incubator-superset] branch master updated: Remove dangerouslySetInnerHTML in StackTraceMessage component (#4373)
Date Wed, 07 Feb 2018 22:32:47 GMT
This is an automated email from the ASF dual-hosted git repository.

maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 90d9616  Remove dangerouslySetInnerHTML in StackTraceMessage component (#4373)
90d9616 is described below

commit 90d9616f2bb250f6e30fed6a0047f092f5e14f81
Author: Maxime Beauchemin <maximebeauchemin@gmail.com>
AuthorDate: Wed Feb 7 14:32:45 2018 -0800

    Remove dangerouslySetInnerHTML in StackTraceMessage component (#4373)
    
    Druid sometimes returns error messages that are contained in "<>", as in
    `<urlopen error [Errno 61] Connection refused>`. Since Superset's
    approach is often to bubble up messages coming from external libraries,
    it's impossible to predict whether they will contain special characters.
    
    There are some cases where our error handling does return some HTML
    (presto?), but we should manage that upstream. Plus the current setup
    has security concerns, so let's move away from that.
---
 superset/assets/javascripts/components/StackTraceMessage.jsx | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/superset/assets/javascripts/components/StackTraceMessage.jsx b/superset/assets/javascripts/components/StackTraceMessage.jsx
index a950c39..ee190b7 100644
--- a/superset/assets/javascripts/components/StackTraceMessage.jsx
+++ b/superset/assets/javascripts/components/StackTraceMessage.jsx
@@ -26,20 +26,13 @@ class StackTraceMessage extends React.PureComponent {
   }
 
   render() {
-    const msg = (
-      <div>
-        <p
-          dangerouslySetInnerHTML={{ __html: this.props.message }}
-        />
-      </div>);
-
     return (
       <div className={`stack-trace-container${this.hasTrace() ? ' has-trace' : ''}`}>
         <Alert
           bsStyle="warning"
           onClick={() => this.setState({ showStackTrace: !this.state.showStackTrace })}
         >
-          {msg}
+          {this.props.message}
         </Alert>
         {this.hasTrace() &&
           <Collapse in={this.state.showStackTrace}>
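
Review bot: The `{this.props.message}` line in render() arrives without a regression test; the diffstat lists only StackTraceMessage.jsx. Add a component test that passes the commit message's own sample, `<urlopen error [Errno 61] Connection refused>`, and asserts that it shows up as literal text inside the Alert, so a later change cannot quietly bring `dangerouslySetInnerHTML` back. Also note that the `<div><p>` wrapper goes away together with the HTML sink, so the message is now a bare text child of `<Alert>`: check that the alert's spacing is unchanged, and track the upstream handlers that still return HTML (the commit message names presto as a possibility), because their markup will now be displayed as escaped text rather than rendered.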

-- 
To stop receiving notification emails like this one, please contact
maximebeauchemin@apache.org.
