Skip to content

Bulk import for columns metadata across the assets #24012

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Bulk import for columns metadata across the assets #24012

wants to merge 3 commits into from

Conversation

@harshach
Copy link
Collaborator

Describe your changes:

Fixes

I worked on ... because ...

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

@harshach harshach requested review from a team as code owners October 25, 2025 16:52
@github-actions github-actions bot added backend safe to test Add this label to run secure Github workflows on PRs labels Oct 25, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 25, 2025
View reviewed changes
...-ui/src/main/resources/ui/src/pages/ColumnBulkOperations/ColumnGrid/ColumnGrid.component.tsx
const { row } = props;
const value = row.editedDescription ?? row.description ?? '';
const hasEdit = row.editedDescription !== undefined;
const displayValue = value.replace(/<[^>]*>/g, '').slice(0, 100);

Check failure

Code scanning / CodeQL

Incomplete multi-character sanitization High

This string may still contain
<script
Loading
, which may cause an HTML element injection vulnerability.

Copilot Autofix

AI 3 days ago

The best way to fix this incomplete multi-character sanitization is to use a well-tested sanitizing library designed for front-end use, such as sanitize-html or dompurify. For React projects, the popular and well-maintained dompurify library is recommended and lightweight.

Specifically, in openmetadata-ui/src/main/resources/ui/src/pages/ColumnBulkOperations/ColumnGrid/ColumnGrid.component.tsx, at line 732 within the renderEditableDescriptionCell callback, replace the manual .replace(/<[^>]*>/g, '') approach with a call to DOMPurify.sanitize to reliably strip all HTML tags, including tricky multi-character combinations.

Steps:

  • Add an import for DOMPurify (import DOMPurify from 'dompurify';).
  • In the .replace(...) usage, replace with DOMPurify.sanitize(value, { ALLOWED_TAGS: [] }) to remove all HTML tags, leaving only plain text.
  • Slice to 100 characters as before.
  • To avoid ambiguity, add a dependency for dompurify.
Suggested changeset 1
openmetadata-ui/src/main/resources/ui/src/pages/ColumnBulkOperations/ColumnGrid/ColumnGrid.component.tsx

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/openmetadata-ui/src/main/resources/ui/src/pages/ColumnBulkOperations/ColumnGrid/ColumnGrid.component.tsx b/openmetadata-ui/src/main/resources/ui/src/pages/ColumnBulkOperations/ColumnGrid/ColumnGrid.component.tsx
--- a/openmetadata-ui/src/main/resources/ui/src/pages/ColumnBulkOperations/ColumnGrid/ColumnGrid.component.tsx
+++ b/openmetadata-ui/src/main/resources/ui/src/pages/ColumnBulkOperations/ColumnGrid/ColumnGrid.component.tsx
@@ -17,6 +17,7 @@
 import DataGrid, { Column, RenderCellProps, RenderHeaderCellProps } from 'react-data-grid';
 import { useTranslation } from 'react-i18next';
 import { Link } from 'react-router-dom';
+import DOMPurify from 'dompurify';
 import AsyncSelectList from '../../../components/common/AsyncSelectList/AsyncSelectList';
 import TreeAsyncSelectList from '../../../components/common/AsyncSelectList/TreeAsyncSelectList';
 import RichTextEditor from '../../../components/common/RichTextEditor/RichTextEditor';
@@ -729,7 +730,7 @@
       const { row } = props;
       const value = row.editedDescription ?? row.description ?? '';
       const hasEdit = row.editedDescription !== undefined;
-      const displayValue = value.replace(/<[^>]*>/g, '').slice(0, 100);
+      const displayValue = DOMPurify.sanitize(value, { ALLOWED_TAGS: [] }).slice(0, 100);
 
       return (
         <div
EOF
@@ -17,6 +17,7 @@
import DataGrid, { Column, RenderCellProps, RenderHeaderCellProps } from 'react-data-grid';
import { useTranslation } from 'react-i18next';
import { Link } from 'react-router-dom';
import DOMPurify from 'dompurify';
import AsyncSelectList from '../../../components/common/AsyncSelectList/AsyncSelectList';
import TreeAsyncSelectList from '../../../components/common/AsyncSelectList/TreeAsyncSelectList';
import RichTextEditor from '../../../components/common/RichTextEditor/RichTextEditor';
@@ -729,7 +730,7 @@
const { row } = props;
const value = row.editedDescription ?? row.description ?? '';
const hasEdit = row.editedDescription !== undefined;
const displayValue = value.replace(/<[^>]*>/g, '').slice(0, 100);
const displayValue = DOMPurify.sanitize(value, { ALLOWED_TAGS: [] }).slice(0, 100);

return (
<div
Copilot is powered by AI and may make mistakes. Always verify output.
@github-actions
Copy link
Contributor

TypeScript types have been updated based on the JSON schema changes in the PR

@sonarqubecloud
Copy link

Quality Gate Passed Quality Gate passed for 'open-metadata-ingestion'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backend safe to test Add this label to run secure Github workflows on PRs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@harshach