From 07edae97342ae3095b370a3f780b61c94241e771 Mon Sep 17 00:00:00 2001 From: Sean Owen Date: Fri, 17 Jun 2022 09:36:49 -0700 Subject: [PATCH] [SPARK-39505][UI] Escape log content rendered in UI ### What changes were proposed in this pull request? Escape log content rendered to the UI. ### Why are the changes needed? Log content may contain reserved characters or other code in the log and be misinterpreted in the UI as HTML. ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? Existing tests Closes #36902 from srowen/LogViewEscape. Authored-by: Sean Owen Signed-off-by: Dongjoon Hyun --- .../src/main/resources/org/apache/spark/ui/static/log-view.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/src/main/resources/org/apache/spark/ui/static/log-view.js b/core/src/main/resources/org/apache/spark/ui/static/log-view.js index 2f416d8210e18..92df087f4bd92 100644 --- a/core/src/main/resources/org/apache/spark/ui/static/log-view.js +++ b/core/src/main/resources/org/apache/spark/ui/static/log-view.js @@ -85,7 +85,7 @@ function loadMore() { if (retStartByte == 0) { disableMoreButton(); } - $("pre", ".log-content").prepend(cleanData); + $("pre", ".log-content").prepend(document.createTextNode(cleanData)); curLogLength = curLogLength + (startByte - retStartByte); startByte = retStartByte; @@ -115,7 +115,7 @@ function loadNew() { var retLogLength = dataInfo[2]; var cleanData = data.substring(newlineIndex + 1); - $("pre", ".log-content").append(cleanData); + $("pre", ".log-content").append(document.createTextNode(cleanData)); curLogLength = curLogLength + (retEndByte - retStartByte); endByte = retEndByte;