Properly escape template variables #7016

Merged
merged 4 commits into from Aug 16, 2019

Contributor

@jasongrout jasongrout commented Aug 14, 2019

References

See jupyterlab/jupyterlab_server#73 for another attempt at this in the server. This may conflict with that change (i.e., there may be double escaping with both that change and this change).

Fixes #7024.

Code changes

Add proper Jinja escapes to template variables. In particular, this escapes the JSON strings and URLs added to the template.

Note that similar escaping should be added to the jupyterlab_server as well. However, since JupyterLab overrides the index.html template from jupyterlab_server, this PR is the one that affects JupyterLab itself.

User-facing changes

None

Backwards-incompatible changes

Should be none
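An added example (not code from this PR or from JupyterLab) of the escaping the description above refers to: a page config embedded in a JSON script element and a URL placed in an attribute, plus the double escaping that the References note warns about. It assumes `jinja2` is installed and autoescaping is on; the templates, config values and function names are constructed for illustration.

```python
import json
import re
from html import escape, unescape
from jinja2 import Environment

env = Environment(autoescape=True)  # assumption: HTML autoescaping is enabled

# Constructed values that are awkward to embed: backslashes, quotes, a closing tag.
CONFIG = {"appDir": r"C:\new\lab", "title": 'a "b" </script>', "baseUrl": "/u/x&y/"}

# JSON assembled by hand: each value only gets HTML escaping, never JSON escaping.
HAND_BUILT = env.from_string(
    '<script type="application/json">{ '
    '{% for k, v in cfg.items() %}"{{ k }}": "{{ v }}"{{ "," if not loop.last }}{% endfor %}'
    " }</script>"
)
# The whole mapping serialized by Jinja's tojson filter (JSON plus \u escapes for < > & ').
WITH_TOJSON = env.from_string('<script type="application/json">{{ cfg | tojson }}</script>')
LINK = env.from_string('<a href="{{ url }}">lab</a>')


def script_body(html):
    """Text a browser hands to JSON.parse: everything up to the first </script>."""
    return re.search(r"<script[^>]*>(.*?)</script>", html, re.S).group(1)


def parse_or_none(text):
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        return None


def render_hand_built(cfg=CONFIG):
    return parse_or_none(script_body(HAND_BUILT.render(cfg=cfg)))


def render_tojson(cfg=CONFIG):
    return parse_or_none(script_body(WITH_TOJSON.render(cfg=cfg)))


def href_seen_by_browser(url):
    """Render the link, then decode the attribute once, as an HTML parser does."""
    return unescape(re.search(r'href="([^"]*)"', LINK.render(url=url)).group(1))


def href_if_pre_escaped(url):
    """Same link when another layer already HTML-escaped the value as a plain string."""
    return href_seen_by_browser(escape(url))
```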

@jasongrout jasongrout modified the milestones: 1.0.x, 1.1 Aug 14, 2019
@jupyterlab-dev-mode

Thanks for making a pull request to JupyterLab!

To try out this branch on binder, follow this link: Binder

@jasongrout
Contributor Author

I think this could be backported to 1.0.x as well.

Note that there is some Jinja trickery to get the full page config. We could eliminate that if jupyterlab_server included the base and ws URLs in the page config variable passed in.

@jasongrout
Contributor Author

CC @blink1073

Member

@blink1073 blink1073 left a comment

Thanks!

@blink1073 blink1073 merged commit 285ce00 into jupyterlab:master Aug 16, 2019
@blink1073
Member

@meeseeksdev backport to 1.0.x

meeseeksmachine pushed a commit to meeseeksmachine/jupyterlab that referenced this pull request Aug 16, 2019
blink1073 added a commit that referenced this pull request Aug 16, 2019
…6-on-1.0.x

Backport PR #7016 on branch 1.0.x (Properly escape template variables)
@lock lock bot added the status:resolved-locked Closed issues are locked after 30 days inactivity. Please open a new issue for related discussion. label Sep 15, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Sep 15, 2019
Successfully merging this pull request may close these issues.

Crash caused by odd escaping in response from http://localhost:8888/lab request