yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-09-21 14:59:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(ui): mentions formatting and AUT failure fix (#22502)

Browse Source 
* fix mentions formatting

* added unit test
This commit is contained in:
Shrushti Polekar 2025-07-22 18:33:45 +05:30 committed by GitHub
parent d097f4505f
commit 4a267e276e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
openmetadata-ui/src/main/resources/ui/src/utils/sanitize.utils.test.ts
View File

@ -40,4 +40,50 @@ describe('getSanitizeContent', () => {
expect(result).toBe(`<p>abc</p>`);
});
describe('HTML Encoding Prevention', () => {
it('should NOT encode entity links with HTML entities', () => {
const input = '<#E::team::Accounting|@Accounting>';
const result = getSanitizeContent(input);
// Should NOT contain HTML encoded entities
expect(result).not.toContain('&lt;');
expect(result).not.toContain('&gt;');
expect(result).not.toContain('&amp;');
// Should contain the original entity link format
expect(result).toBe('<#E::team::Accounting|@Accounting>');
});
it('should NOT encode multiple entity links with HTML entities', () => {
const input =
'Hello <#E::team::Accounting|@Accounting> and <#E::user::john.doe|@john.doe>';
const result = getSanitizeContent(input);
// Should NOT contain HTML encoded entities
expect(result).not.toContain('&lt;');
expect(result).not.toContain('&gt;');
expect(result).not.toContain('&amp;');
// Should contain the original entity link format
expect(result).toBe(
'Hello <#E::team::Accounting|@Accounting> and <#E::user::john.doe|@john.doe>'
);
});
it('should NOT encode entity links even when mixed with HTML content', () => {
const input =
'<div>Hello</div><#E::team::Accounting|@Accounting><span>World</span>';
const result = getSanitizeContent(input);
// Should NOT contain HTML encoded entities for the entity link
expect(result).not.toContain('&lt;#E::team::Accounting|@Accounting&gt;');
expect(result).not.toContain(
'&amp;lt;#E::team::Accounting|@Accounting&amp;gt;'
);
// Should contain the original entity link format
expect(result).toContain('<#E::team::Accounting|@Accounting>');
});
});
});

22
openmetadata-ui/src/main/resources/ui/src/utils/sanitize.utils.ts
View File

@ -13,5 +13,25 @@
import DOMPurify from 'dompurify';
export const getSanitizeContent = (html: string): string => {
return DOMPurify.sanitize(html);
// First, temporarily replace entity links to protect them from encoding
const entityLinkRegex = /<#E::[^>]+>/g;
const entityLinks: string[] = [];
let entityLinkIndex = 0;
const protectedHtml = html.replace(entityLinkRegex, (match) => {
entityLinks.push(match);
return `__ENTITY_LINK_${entityLinkIndex++}__`;
});
// Sanitize the content with standard DOMPurify settings
const sanitizedContent = DOMPurify.sanitize(protectedHtml);
// Restore entity links
let restoredContent = sanitizedContent;
entityLinks.forEach((link, index) => {
restoredContent = restoredContent.replace(`__ENTITY_LINK_${index}__`, link);
});
return restoredContent;
};