[SPARK-14025][STREAMING][WEBUI] Fix streaming job descriptions on the event timeline #11845
Conversation
|
@andrewor14 @zsxwing would you mind taking a look at this when you have time? Thanks! |
|
I agree it's a problem, but this seems like a hacky way to band-aid it, with a second version of the description and a flag passed around. Is the problem not just that this is HTML, but not being interpreted as such? Is it necessary that this description have HTML to begin with? |
|
@srowen thanks for looking at this! I believe job descriptions were intended to contains only plain texts at first, but HTMLs were introduced in for streaming jobs by #8791. Hyperlinks in the |
|
Besides, the blue/green bar in the event timeline itself is clickable, linking to the specific job page. The |
|
Ah I thought this was a tooltip, where HTML can't render, but it's not. I wonder, is the problem just that this is rendered as text and not HTML? if it's controlled by the UI, it seems safe to just let it render as HTML if possible? |
|
Actually we've intentionally escaped the description for the event timeline, so that it will be rendered as plain texts; please see https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/ui/jobs/AllJobsPage.scala#L85. So I think it was TD's intention to add hyperlinks to the text tables(where descriptions are not escaped), but the same description would be escaped and used in the tooltip too. |
|
Maybe let's summarize a little bit:
So this PR adds a second version of the description, which will used for the event timeline. For non-streaming jobs, they are the same. |
|
My question is, why escape it? the library will accept and render HTML and that is desirable here right? |
|
the original tooltip library does accept and render HTML, but I guess we Spark developers decide we only need plain texts here:
So we'll escape things to prevent from malicious codes. However then HTMLs( |
|
The escape part can be traced at:
Maybe @andrewor14 will explain better :) |
lw-lin
changed the title
|
ok to test |
|
Test build #53688 has finished for PR 11845 at commit
|
|
@lw-lin thanks for summarizing the issue. Yes, we don't want to process arbitrary HTML so we don't have to worry about potential XSS threats. However, I agree with @srowen that the approach you chose here seems kind of arbitrary. Instead, a better place to do this might be in |
|
@andrewor14 thank you for the informative review. Will soon update this PR accordingly. |
|
Test build #53755 has finished for PR 11845 at commit
|
|
Updated with new commits. Tests passed on my local machine; I'm not sure why scalastyle checks failed (this PR doesn't touch this code snippet):
Can we get a retest, please? :) |
|
It failed on a line you modified so it is due to this change. The error message explains what you need to change. |
|
Test build #53770 has finished for PR 11845 at commit
|
| val fullUri = s"${basePathUri.stripSuffix("/")}/${relativePath.stripPrefix("/")}" | ||
| e % Attribute(null, "href", fullUri, Null) | ||
| case _ => n | ||
| val rule = if (plainText) { |
There was a problem hiding this comment.
style:
val rule =
if (plainText) {
...
} else {
...
}
There was a problem hiding this comment.
@andrewor14 sure; updated with the new commit, thanks!
|
Looks pretty good. @zsxwing can you have a look? |
|
Test build #53869 has finished for PR 11845 at commit
|
|
LGTM. Merging to master. Thanks, @lw-lin |
|
Thank you all for your kind review & comments, @srowen @andrewor14 @zsxwing ! |
5 participants
What changes were proposed in this pull request?
Removed the extra
<a href=...>...</a>for each streaming job's description on the event timeline.[Before]
[After]
How was this patch tested?
test suits, manual checks (see screenshots above)