From: jitendra@apache.org
To: common-commits@hadoop.apache.org
Date: Mon, 04 May 2015 23:43:23 -0000
In-Reply-To: <7eb9b1be91e74b5aacdf8ef0c243d95f@git.apache.org>
References: <7eb9b1be91e74b5aacdf8ef0c243d95f@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [19/33] hadoop git commit: YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed by Kenji Kikushima.

YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed by Kenji Kikushima.

Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/e8d0ee5f
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/e8d0ee5f
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/e8d0ee5f

Branch: refs/heads/HDFS-7240
Commit: e8d0ee5fc9af612d7abc9ab2c201434e7102d092
Parents: 6ae2a0d
Author: Tsuyoshi Ozawa
Authored: Sun May 3 10:51:17 2015 +0900
Committer: Tsuyoshi Ozawa
Committed: Sun May 3 10:51:17 2015 +0900

----------------------------------------------------------------------
 hadoop-yarn-project/CHANGES.txt | 4 ++++
 .../main/java/org/apache/hadoop/yarn/webapp/view/TextView.java | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/hadoop/blob/e8d0ee5f/hadoop-yarn-project/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 899310e..684efc5 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt 
@@ -293,6 +293,10 @@ Release 2.8.0 - UNRELEASED YARN-2454. Fix compareTo of variable UNBOUNDED in o.a.h.y.util.resource.Resources. (Xu Yang via junping_du) + YARN-1993. Cross-site scripting vulnerability in TextView.java. (Kenji Kikushima + via ozawa) + + Release 2.7.1 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/e8d0ee5f/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java index 16efa4e..4983dac 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java @@ -20,6 +20,7 @@ package org.apache.hadoop.yarn.webapp.view; import java.io.PrintWriter; +import org.apache.commons.lang.StringEscapeUtils; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.yarn.webapp.View; @@ -45,7 +46,9 @@ public abstract class TextView extends View { public void echo(Object... args) { PrintWriter out = writer(); for (Object s : args) { - out.print(s); + String escapedString = StringEscapeUtils.escapeJavaScript( + StringEscapeUtils.escapeHtml(s.toString())); + out.print(escapedString); } }
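
Review bot: In the CHANGES.txt hunk, the YARN-1993 entry is followed by two added blank lines before "Release 2.7.1 - UNRELEASED", which is one more than a two-line entry plus its separator needs. Drop the extra blank line so the spacing ahead of the next release header stays as it was.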
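
Review bot: In the TextView.echo() hunk, s.toString() throws a NullPointerException when any argument is null, whereas the removed out.print(s) printed "null". Use String.valueOf(s) before escaping. Two further points on the same loop. First, every argument is now passed through escapeHtml and then escapeJavaScript regardless of where the output lands. Commons Lang's escapeJavaScript rewrites quotes, backslashes, forward slashes and control characters such as newlines into backslash sequences, so a subclass that echoes multi-line text or content containing "/" into an HTML or plain-text body will now emit literal "\n" and "\/". Consider applying only the encoding that matches the output context, or documenting on echo() that it always double-encodes and that callers must not pre-escape. Second, the diffstat shows only CHANGES.txt and TextView.java changing, so there is no test that feeds markup through echo() and checks the escaped output; a small unit test covering a script tag, a quote and a null argument would pin the behaviour down.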