aws / sagemaker-python-sdk

A library for training and deploying machine learning models on Amazon SageMaker
https://sagemaker.readthedocs.io/
Apache License 2.0
2.11k stars 1.14k forks

fix: escape input before returning #4810

Closed mohamedzeidan2021 closed 3 months ago

mohamedzeidan2021 commented 3 months ago

Issue #, if available:

Description of changes: Fixing the potential cross-site scripting vulnerability by escaping the input using Flask's escape function before returning the request data in the case that the request fails.

Testing done: The code scanning vulnerability disappeared in my fork once the fix was implemented.

Merge Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your pull request.

General

Tests

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
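
The pattern this PR describes, as an added example that is not part of the PR or the SDK's own code: a handler whose failure path echoes the request data, with and without escaping. The handler, `make_app`, `call` and the sample body are constructed for illustration, and the standard library's `html.escape` stands in for Flask's escape function so the block runs without Flask installed.

```python
# Added example: constructed handler, not code from sagemaker-python-sdk.
import html
import io
import json
from wsgiref.util import setup_testing_defaults

# Constructed sample input: a body that is not valid JSON and contains markup.
SAMPLE_BODY = "<script>alert(1)</script>"


def make_app(escape_output):
    """Build a WSGI app whose failure path echoes the request data back."""
    def app(environ, start_response):
        length = int(environ.get("CONTENT_LENGTH") or 0)
        data = environ["wsgi.input"].read(length).decode("utf-8", "replace")
        try:
            json.loads(data)
            status, ctype, body = "200 OK", "application/json", '{"ok": true}'
        except ValueError:
            # Failure path: the request data goes back to the client. As
            # text/html (Flask's default for a returned string) a browser
            # parses it as markup, so it must be escaped first.
            echoed = html.escape(data, quote=True) if escape_output else data
            status, ctype = "400 Bad Request", "text/html; charset=utf-8"
            body = f"Invalid request: {echoed}"
        start_response(status, [("Content-Type", ctype)])
        return [body.encode("utf-8")]
    return app


def call(app, raw):
    """Drive the app in-process with a constructed POST body."""
    payload = raw.encode("utf-8")
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD="POST", CONTENT_LENGTH=str(len(payload)))
    environ["wsgi.input"] = io.BytesIO(payload)
    seen = {}
    body = b"".join(app(environ, lambda s, h: seen.update(status=s)))
    return seen["status"], body.decode("utf-8")


if __name__ == "__main__":
    for label, flag in (("before", False), ("after", True)):
        print(label, call(make_app(flag), SAMPLE_BODY))
```

In a Flask handler the equivalent call is `markupsafe.escape`, the function that `flask.escape` re-exported.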