
Conversation

@jscheffl
Contributor

@jscheffl jscheffl commented Nov 5, 2023

With AIP-50 we introduced trigger forms, and such trigger forms allow DAG authors to provide raw HTML as descriptions.

During Airflow Summit there were some concerns discussed about whether a DAG author would be able to inject dangerous JavaScript into the HTML and how Airflow handles this.

This PR changes the raw HTML support in Airflow in the following way:

  • A new configuration option allow_html_in_dag_docs is added, which defaults to False
  • DAG documentation and Params descriptions allow raw HTML only based on the server config option
  • As an alternative for safe but still custom text formatting, MD is now supported for parameter descriptions
  • Markdown in DAG descriptions now also filters HTML tags by default
  • The custom_html_form in the trigger DAG UI is marked as deprecated for a future / better solution
  • Example DAGs have been adjusted from raw HTML to MD descriptions where used.
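The gate described above (raw HTML in DAG and parameter descriptions only when a server-side option allows it, Markdown still available for formatting) can be illustrated with a small renderer. This is an added example and not Airflow's own code: it assumes a hypothetical module-level flag ALLOW_HTML_IN_DAG_DOCS standing in for the PR's allow_html_in_dag_docs option, implements only a tiny Markdown subset (code spans, bold, italic, links) rather than a full Markdown parser, and restricts link targets to an allowlist of schemes. Sample descriptions in the test are constructed.

```python
"""Added example: render DAG-author descriptions with raw HTML gated by config.

Illustrative code, not Airflow's implementation. ALLOW_HTML_IN_DAG_DOCS is a
hypothetical stand-in for the server option the PR introduces; the Markdown
subset below is deliberately minimal.
"""
from __future__ import annotations

import re
from html import escape, unescape
from typing import Optional

# Hypothetical stand-in for the server config option; operators own this,
# DAG authors do not.
ALLOW_HTML_IN_DAG_DOCS = False

# Inline Markdown subset, applied AFTER escaping so the author cannot smuggle
# tags through it.
_CODE = re.compile(r"`([^`]+)`")
_BOLD = re.compile(r"\*\*(.+?)\*\*")
_ITALIC = re.compile(r"(?<!\*)\*([^*]+)\*(?!\*)")
_LINK = re.compile(r"\[([^\]]+)\]\(([^)\s]+)\)")


def _safe_href(url: str) -> Optional[str]:
    """Allow only http(s), mailto and site-relative links; drop everything else.

    The URL is unescaped before the scheme check so an entity-encoded scheme
    cannot slip past it, then re-escaped exactly once for the attribute.
    """
    raw = unescape(url).strip()
    low = raw.lower()
    if low.startswith(("http://", "https://", "mailto:")) or (
        low.startswith("/") and not low.startswith("//")
    ):
        return escape(raw, quote=True)
    return None


def _render_link(m: re.Match) -> str:
    text, url = m.group(1), m.group(2)
    href = _safe_href(url)
    if href is None:
        return text  # unsafe scheme: keep the visible text, drop the link
    return f'<a href="{href}">{text}</a>'


def _inline(s: str) -> str:
    """Apply the inline Markdown subset to one paragraph."""
    s = _CODE.sub(lambda m: f"<code>{m.group(1)}</code>", s)
    s = _BOLD.sub(r"<strong>\1</strong>", s)
    s = _ITALIC.sub(r"<em>\1</em>", s)
    s = _LINK.sub(_render_link, s)
    return s


def render_description(text: str, allow_html: bool = ALLOW_HTML_IN_DAG_DOCS) -> str:
    """Render a DAG or parameter description supplied by a DAG author.

    With allow_html False (the default) every HTML tag in the source is
    escaped and shows up as literal text; Markdown formatting still works.
    With allow_html True the author's HTML passes through untouched, which is
    why the switch belongs to the server operator rather than the DAG author.
    """
    body = text if allow_html else escape(text, quote=True)
    paragraphs = [p.strip() for p in re.split(r"\n\s*\n", body.strip()) if p.strip()]
    return "\n".join(f"<p>{_inline(p)}</p>" for p in paragraphs)


if __name__ == "__main__":
    # Constructed sample: Markdown plus an HTML tag the author should not control.
    sample = "Run **daily**, see `<b>` literally\n\n<script>alert(1)</script>"
    print(render_description(sample))                    # tags escaped
    print(render_description(sample, allow_html=True))   # tags pass through
```

The ordering is the whole point: escaping happens before any Markdown transformation, so the formatting layer only ever sees text that can no longer open a tag, and the link allowlist is the one place where markup is generated from author-controlled input.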

@boring-cyborg boring-cyborg bot added area:webserver Webserver related Issues kind:documentation labels Nov 5, 2023
Member

@potiuk potiuk left a comment


LGTM. Few nits only.

@potiuk
Member

potiuk commented Nov 12, 2023

Looks like all checks passed :)

@potiuk
Member

potiuk commented Nov 12, 2023

I think the only thing we need is a .significant change description for release notes.

@jscheffl
Contributor Author

I think the only thing we need is a .significant change description for release notes.

@potiuk how about the one already in? --> https://github.com/apache/airflow/pull/35460/files#diff-1fa4ad17cb7d1ce8e7e5c724a04fceaac361d7cc44f4c27143359083cb4bb700

@potiuk
Member

potiuk commented Nov 12, 2023

I think the only thing we need is a .significant change description for release notes.

@potiuk how about the one already in? --> https://github.com/apache/airflow/pull/35460/files#diff-1fa4ad17cb7d1ce8e7e5c724a04fceaac361d7cc44f4c27143359083cb4bb700

Good enough :)

@jscheffl jscheffl marked this pull request as ready for review November 12, 2023 18:39
@jscheffl jscheffl merged commit 0b99560 into apache:main Nov 12, 2023
@ephraimbuddy ephraimbuddy added the type:improvement Changelog: Improvements label Nov 20, 2023
@ephraimbuddy ephraimbuddy added this to the Airflow 2.8.0 milestone Nov 20, 2023
@jle-pass

jle-pass commented Apr 17, 2024

mentioned by CVE-2023-47265
but we don't see it as a CVE in https://github.com/apache/airflow/releases/tag/2.8.0
