-
Notifications
You must be signed in to change notification settings - Fork 13.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(Query): Parse html string error responses to avoid displaying raw HTML as error message #29321
fix(Query): Parse html string error responses to avoid displaying raw HTML as error message #29321
Conversation
superset-frontend/packages/superset-ui-core/src/query/getClientErrorObject.ts
Outdated
Show resolved
Hide resolved
superset-frontend/packages/superset-ui-core/src/query/getClientErrorObject.ts
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given everything, this overall LGTM. If the html-handling module tends to grow in the future I'd advocate to refactor using cheerio, but for now I'd rather maintain the logic here than adding a dependency.
In the latest commit I've tried preserving the I've also added a final check to the error message if the response is incapable of being read as a |
superset-frontend/packages/superset-ui-core/src/query/getClientErrorObject.ts
Outdated
Show resolved
Hide resolved
superset-frontend/packages/superset-ui-core/src/query/getClientErrorObject.ts
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's address the t()
comment, but otherwise LGTM, feel free to address the naming-related comments or save it for another PR
I'll save the name change for a new PR just so it becomes the focus in case I miss any usage cases across the codebase when replacing the calls to it. |
d54c418
to
e325a7d
Compare
… HTML as error message (apache#29321) (cherry picked from commit de6a518)
SUMMARY
Adds a function to check if a string is HTML and not capable of JSON parsing to ensure the client does not show raw HTML where there should be an error message.
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TESTING INSTRUCTIONS
ChartDataRestApi
response for aPOST
method to be an error with themessage
kwarg
containing raw html in string form. e.g.self.response_500(message='<html><div>Error</div></html>')
See more
on the unexpected error alert produced by charts.Server error
or, in the case of a detected 404,Not found
.ADDITIONAL INFORMATION