From b8adb0afb7e56ce126ffb92fb7a2b359f2041087 Mon Sep 17 00:00:00 2001
From: heerim <devheerim@gmail.com>
Date: Sun, 18 Aug 2024 17:41:28 +0900
Subject: [PATCH] [HOTFIX] Escaping vulnerable text  when modal opens (#4795)

(cherry picked from commit 25b6001148d910cd5d0b058e2bd3b5e184afde4c)
---
 zeppelin-web/src/app/helium/helium.controller.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/zeppelin-web/src/app/helium/helium.controller.js b/zeppelin-web/src/app/helium/helium.controller.js
index 8de38a09484..c130d96b725 100644
--- a/zeppelin-web/src/app/helium/helium.controller.js
+++ b/zeppelin-web/src/app/helium/helium.controller.js
@@ -240,10 +240,10 @@ export default function HeliumCtrl($scope, $rootScope, $sce,
           `<div style="color:gray">${getHeliumTypeText(type)}</div>` +
           '<hr style="margin-top: 10px; margin-bottom: 10px;" />' +
           '<div style="font-size: 14px;">Description</div>' +
-          `<div style="color:gray">${description}</div>` +
+          `<div style="color:gray">${_.escape(description)}</div>` +
           '<hr style="margin-top: 10px; margin-bottom: 10px;" />' +
           '<div style="font-size: 14px;">License</div>' +
-          `<div style="color:gray">${license}</div>`,
+          `<div style="color:gray">${_.escape(license)}</div>`,
         callback: function(result) {
           if (result) {
             confirm.$modalFooter.find('button').addClass('disabled');