fix(sqllab): invalid sanitization on comparison symbol (apache#25903)

10webio · Nov 9, 2023 · 581d3c7 · 581d3c7
1 parent 10205d0
commit 581d3c7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx b/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx
@@ -44,6 +44,9 @@ describe('isProbablyHTML', () => {
     const plainText = 'Just a plain text';
     const isHTML = isProbablyHTML(plainText);
     expect(isHTML).toBe(false);
+
+    const trickyText = 'a <= 10 and b > 10';
+    expect(isProbablyHTML(trickyText)).toBe(false);
   });
 });
 

diff --git a/superset-frontend/packages/superset-ui-core/src/utils/html.tsx b/superset-frontend/packages/superset-ui-core/src/utils/html.tsx
@@ -28,7 +28,9 @@ export function sanitizeHtml(htmlString: string) {
 }
 
 export function isProbablyHTML(text: string) {
-  return /<[^>]+>/.test(text);
+  return Array.from(
+    new DOMParser().parseFromString(text, 'text/html').body.childNodes,
+  ).some(({ nodeType }) => nodeType === 1);
 }
 
 export function sanitizeHtmlIfNeeded(htmlString: string) {