From oz...@apache.org
Subject hadoop git commit: YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed byKenji Kikushima.
Date Sun, 03 May 2015 01:52:43 GMT
Repository: hadoop
Updated Branches:
  refs/heads/branch-2 65a19fbc3 -> f382602de


YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed by Kenji Kikushima.

(cherry picked from commit e8d0ee5fc9af612d7abc9ab2c201434e7102d092)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f382602d
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f382602d
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f382602d

Branch: refs/heads/branch-2
Commit: f382602de1860791c30cf6e24effc35aed4d9447
Parents: 65a19fb
Author: Tsuyoshi Ozawa <ozawa@apache.org>
Authored: Sun May 3 10:51:17 2015 +0900
Committer: Tsuyoshi Ozawa <ozawa@apache.org>
Committed: Sun May 3 10:51:39 2015 +0900

----------------------------------------------------------------------
 hadoop-yarn-project/CHANGES.txt                                 | 4 ++++
 .../main/java/org/apache/hadoop/yarn/webapp/view/TextView.java  | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/f382602d/hadoop-yarn-project/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt
index 4893c1c..ec4c6a5 100644
--- a/hadoop-yarn-project/CHANGES.txt
+++ b/hadoop-yarn-project/CHANGES.txt
@@ -245,6 +245,10 @@ Release 2.8.0 - UNRELEASED
     YARN-2454. Fix compareTo of variable UNBOUNDED in o.a.h.y.util.resource.Resources.
     (Xu Yang via junping_du)
 
+    YARN-1993. Cross-site scripting vulnerability in TextView.java. (Kenji Kikushima
+    via ozawa)
+
+
 Release 2.7.1 - UNRELEASED
 
   INCOMPATIBLE CHANGES

http://git-wip-us.apache.org/repos/asf/hadoop/blob/f382602d/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
index 16efa4e..4983dac 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
@@ -20,6 +20,7 @@ package org.apache.hadoop.yarn.webapp.view;
 
 import java.io.PrintWriter;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.yarn.webapp.View;
 
@@ -45,7 +46,9 @@ public abstract class TextView extends View {
   public void echo(Object... args) {
     PrintWriter out = writer();
     for (Object s : args) {
-      out.print(s);
+      String escapedString = StringEscapeUtils.escapeJavaScript(
+          StringEscapeUtils.escapeHtml(s.toString()));
+      out.print(escapedString);
     }
   }
 
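Review bot: `s.toString()` in the new loop body of echo() throws a NullPointerException for a null argument, where the removed `out.print(s)` printed "null"; `String.valueOf(s)` keeps the old behaviour, as in `StringEscapeUtils.escapeHtml(String.valueOf(s))`. Stacking `escapeJavaScript` on top of `escapeHtml` for every argument is also not tied to one output context: the JavaScript pass rewrites newlines, slashes and apostrophes as backslash sequences, so text written into an HTML body comes out altered, and any caller that passes intentional markup through echo() would now see it encoded. Whether such callers exist is not visible in this hunk, so the method should carry a Javadoc line such as `Writes each argument HTML- and JavaScript-escaped; callers must not pass pre-built markup.` A unit test that feeds echo() a `<script>` string, a multi-line string and a null would pin the intended encoding.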

