Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix recipe card display format #10893

Merged
merged 4 commits into from Jan 25, 2024
Merged

Fix recipe card display format #10893

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
eafbe1b
update
WeichenXu123 Jan 25, 2024
942f333
format
WeichenXu123 Jan 25, 2024
35b9a00
fix
WeichenXu123 Jan 25, 2024
6c7f64c
address comment
WeichenXu123 Jan 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
23 changes: 20 additions & 3 deletions mlflow/recipes/cards/__init__.py
View file
Open in desktop
Expand Up @@ -241,7 +241,20 @@ def render_table(table, columns=None, hide_index=True):
from pandas.io.formats.style import Styler

if not isinstance(table, Styler):
table = pd.DataFrame(table, columns=columns).style
table = pd.DataFrame(table, columns=columns)
# Escape specific characters in HTML to prevent
# javascript code injection
# Note that `pandas_df.style.to_html(escape=True) does not work
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why pandas_df.style.to_html(escape=True) does not work? What's the issue?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is a pandas library bug. We can report it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what happens if we use pandas_df.style.to_html(escape=True)?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It generates the same result with pandas_df.style.to_html(escape=False)

But pandas_df.to_html(escape=True) generates escaped result correctly.

So I think it is a bug.

You can try it by:

p1 = pd.DataFrame({'a': ['<div><script></script></div>']})

print(p1.style.to_html(escape=False))
print(p1.style.to_html(escape=True))

print(p1.to_html(escape=False))
print(p1.to_html(escape=True))

# So that we have to manually escape values in dataframe cells.

def escape_value(x):
return html.escape(str(x))

if hasattr(table, "map"):
table = table.map(escape_value)
else:
table = table.applymap(escape_value)
table = table.style

pandas_version = Version(pd.__version__)

Expand Down Expand Up @@ -290,8 +303,12 @@ def __init__(
'<p><strong>Step status: <span style="color:red">Failed</span></strong></p>',
)
self.add_tab(
"Stacktrace", "<div class='stacktrace-container'>{{ STACKTRACE|e }}</div>"
).add_html("STACKTRACE", f'<p style="margin-top:0px"><code>{failure_traceback}</code></p>')
"Stacktrace",
(
"<div class='stacktrace-container'><p style='margin-top:0px'><code>"
"{{ STACKTRACE|e }}</code></p></div>"
),
).add_html("STACKTRACE", str(failure_traceback))
warning_output_path = os.path.join(output_directory, "warning_logs.txt")
if os.path.exists(warning_output_path):
with open(warning_output_path) as f:
Expand Down
2 changes: 1 addition & 1 deletion mlflow/recipes/steps/ingest/__init__.py
View file
Open in desktop
Expand Up @@ -171,7 +171,7 @@ def _build_step_card(
)
# Tab #2 -- Ingested dataset schema.
schema_html = BaseCard.render_table(schema["fields"])
card.add_tab("Data Schema", "{{SCHEMA|e}}").add_html("SCHEMA", schema_html)
card.add_tab("Data Schema", "{{SCHEMA}}").add_html("SCHEMA", schema_html)

if data_preview is not None:
# Tab #3 -- Ingested dataset preview.
Expand Down