hadoop-common-issues mailing list archives

From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7527) Make URL encoding consistent
Date Mon, 08 Aug 2011 16:58:27 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13081055#comment-13081055

Todd Lipcon commented on HADOOP-7527:

The QuotingInputFilter is also totally misguided - yes, it prevents you from accidentally
forgetting to encode something, but it's done at the wrong layer. Encoding is output-type dependent
-- just because we usually output to HTML doesn't mean that the parameters should be HTML-encoded
"on the way in".

The correct way to do this is to make sure all interpolation of user input escapes at interpolation
time -- the encoding should then be the proper context-dependent escaping scheme (e.g. URL escaping,
JavaScript escaping, or HTML escaping, which are all different and sometimes need to be layered).

> Make URL encoding consistent
> ----------------------------
>                 Key: HADOOP-7527
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7527
>             Project: Hadoop Common
>          Issue Type: Improvement
>    Affects Versions: 0.23.0
>            Reporter: Eli Collins
> URL encoding is currently handled in at least 4 different ways. We should make these
> # Parameters are encoded when a URI object is created
> # HttpServlet uses RequestQuoter to html escape parameter names and values
> # StringEscapeUtils is used to escape parameters in ReconfigurationServlet and DatanodeJspHelper
> # URLEncoder and URLDecoder are used in multiple places 
> We should also be consistent about how we pass file names in URLs, sometimes they're
> passed in the path segment, sometimes they're passed in the query fragment as parameters.

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
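
The difference between quoting on input and escaping at interpolation time, as an added Java example that is not Hadoop code and not part of the original message. The class name, the helper names `html` and `urlParam`, the `/browse` path and the sample file name are all hypothetical; only `java.net.URLEncoder` is a real API.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class ContextEscapingDemo {
    // Minimal HTML escaper for element text and quoted attribute values (hypothetical helper).
    static String html(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Escaping for a single query-string value (hypothetical helper).
    static String urlParam(String s) throws UnsupportedEncodingException {
        return URLEncoder.encode(s, "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        String raw = "a&b <1>.txt"; // constructed sample file name parameter

        // Input-time quoting: HTML-escaped once on the way in, then reused everywhere.
        String quotedOnInput = html(raw);
        // Element text happens to render correctly, because HTML was the assumed output.
        System.out.println("<td>" + quotedOnInput + "</td>");
        // URL inside an attribute is wrong: the browser decodes &amp; back to &,
        // so the query splits into file=a plus a stray parameter starting at "b".
        System.out.println("<a href=\"/browse?file=" + quotedOnInput + "\">open</a>");

        // Interpolation-time escaping: keep the raw value, escape per output context.
        System.out.println("<td>" + html(raw) + "</td>");
        // Layered: URL-escape the value first, then HTML-escape the whole attribute,
        // which also escapes the real parameter separator before "view".
        String href = "/browse?file=" + urlParam(raw) + "&view=1";
        System.out.println("<a href=\"" + html(href) + "\">open</a>");
    }
}
```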

