From 5614cefb118e44a034b1a310353f5e1890f7657b Mon Sep 17 00:00:00 2001
From: "JUST.in DO IT"
Date: Thu, 9 Nov 2023 09:26:21 -0800
Subject: [PATCH] fix(sqllab): invalid sanitization on comparison symbol (#25903)

---
 .../packages/superset-ui-core/src/utils/html.test.tsx | 3 +++
 .../packages/superset-ui-core/src/utils/html.tsx | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx b/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx
index 8fd06cb6f8e7a..9b950e4246e92 100644
--- a/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx
+++ b/superset-frontend/packages/superset-ui-core/src/utils/html.test.tsx
@@ -44,6 +44,9 @@ describe('isProbablyHTML', () => {
     const plainText = 'Just a plain text';
     const isHTML = isProbablyHTML(plainText);
     expect(isHTML).toBe(false);
+
+    const trickyText = 'a <= 10 and b > 10';
+    expect(isProbablyHTML(trickyText)).toBe(false);
   });
 });
 
diff --git a/superset-frontend/packages/superset-ui-core/src/utils/html.tsx b/superset-frontend/packages/superset-ui-core/src/utils/html.tsx
index 3215eb9b9de5b..fffd43bda8f6e 100644
--- a/superset-frontend/packages/superset-ui-core/src/utils/html.tsx
+++ b/superset-frontend/packages/superset-ui-core/src/utils/html.tsx
@@ -28,7 +28,9 @@ export function sanitizeHtml(htmlString: string) {
 }
 
 export function isProbablyHTML(text: string) {
-  return /<[^>]+>/.test(text);
+  return Array.from(
+    new DOMParser().parseFromString(text, 'text/html').body.childNodes,
+  ).some(({ nodeType }) => nodeType === 1);
 }
 
 export function sanitizeHtmlIfNeeded(htmlString: string) {
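Review bot: The new `isProbablyHTML` in the html.tsx hunk inspects only `body.childNodes`, so markup that the HTML parser places into `<head>` (a leading `<script>`, `<style>`, `<meta>`, `<title>` or `<link>`) produces no body element and the function now returns false, where the removed regex returned true; if `sanitizeHtmlIfNeeded` (its body is outside the hunk) skips `sanitizeHtml` on a false result, such input would be passed through unsanitized. Checking `doc.head.childNodes` alongside `doc.body.childNodes` closes that gap, and `Node.ELEMENT_NODE` reads better than the bare `1`. Note also that `DOMParser` is a browser/jsdom global, so unlike the regex this version throws in a plain Node environment — worth a one-line comment on the function if that is the intended constraint. The html.test.tsx hunk adds only a negative case; a positive assertion for head-only markup, e.g. `expect(isProbablyHTML('<style>p{}</style>')).toBe(true);`, would pin the detection behaviour.
```typescript
export function isProbablyHTML(text: string): boolean {
  // Parse as a full document: the parser sorts markup into <head> or <body>,
  // so both must be inspected or head-only markup is missed.
  const doc = new DOMParser().parseFromString(text, 'text/html');
  const hasElement = (nodes: NodeListOf<ChildNode>): boolean =>
    Array.from(nodes).some(({ nodeType }) => nodeType === Node.ELEMENT_NODE);
  return hasElement(doc.head.childNodes) || hasElement(doc.body.childNodes);
}
```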