hadoop-hdfs-dev mailing list archives

From "Derek Dagit (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-4162) Some malformed and unquoted HTML strings are returned from datanode web ui
Date Wed, 07 Nov 2012 22:18:12 GMT
Derek Dagit created HDFS-4162:

             Summary: Some malformed and unquoted HTML strings are returned from datanode web ui
                 Key: HDFS-4162
                 URL: https://issues.apache.org/jira/browse/HDFS-4162
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: data-node
    Affects Versions: 0.23.4
            Reporter: Derek Dagit
            Priority: Minor

When browsing to the datanode at /browseDirectory.jsp, if a path with HTML characters is requested,
the resulting error page echoes back the input unquoted.



Writes an input element as part of the response:

<input name="dir" type="text" width="50" id"dir" value="/<xss>">

- The value of the "value" attribute is not quoted. 
- An = must follow the "id" attribute name.
- Element "input" should have a closing tag.

The output should be something like:

<input name="dir" type="text" width="50" id="dir" value="/&lt;xss&gt;"/>

In addition, if one creates a directory:

hdfs dfs -put '/some/path/to/<xss>'

Then browsing to the parent of directory '<xss>' prints unquoted HTML in the directory

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
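
The output encoding the report asks for, as an added example that is not part of the original message and is not Hadoop's code: one escaping routine applied both to the "dir" text box and to a directory-listing row. It goes slightly beyond the reported case by also escaping quotes and ampersands; the class and method names are hypothetical and the sample paths are constructed (the first is the one from the report).

```java
public class DirInputEscape {
    // Escape text for HTML element content or a double-quoted attribute value.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical renderer for the "dir" text box echoed on the error page.
    // Every attribute is name="value" and the element is self-closed.
    static String renderDirInput(String dir) {
        return "<input name=\"dir\" type=\"text\" width=\"50\" id=\"dir\" value=\""
                + escapeHtml(dir) + "\"/>";
    }

    // Hypothetical renderer for one row of the parent directory listing,
    // where a stored file or directory name is written as element content.
    static String renderListingRow(String name) {
        return "<tr><td>" + escapeHtml(name) + "</td></tr>";
    }

    public static void main(String[] args) {
        // Constructed sample paths; "/<xss>" is the path used in the report.
        String[] samples = { "/<xss>", "/say \"hi\"", "/tom&jerry", "/plain" };
        for (String path : samples) {
            System.out.println(renderDirInput(path));
            // Strip the leading slash to get the entry name shown in the listing.
            System.out.println(renderListingRow(path.substring(1)));
        }
    }
}
```

The same routine does not cover a name placed inside an href; that context needs URL encoding in addition to HTML escaping.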
