hadoop-hdfs-issues mailing list archives

From "Suresh Srinivas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4162) Some malformed and unquoted HTML strings are returned from datanode web ui
Date Wed, 07 Nov 2012 22:32:12 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13492768#comment-13492768 ]

Suresh Srinivas commented on HDFS-4162:

Derek, I have added you as an HDFS contributor. Now you can assign HDFS jiras to yourself.
> Some malformed and unquoted HTML strings are returned from datanode web ui
> --------------------------------------------------------------------------
>                 Key: HDFS-4162
>                 URL: https://issues.apache.org/jira/browse/HDFS-4162
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: data-node
>    Affects Versions: 0.23.4
>            Reporter: Derek Dagit
>            Assignee: Derek Dagit
>            Priority: Minor
>         Attachments: HDFS-4162-branch-0.23.patch, HDFS-4162.patch
> When browsing to the datanode at /browseDirectory.jsp, if a path with HTML characters is requested, the resulting error page echoes back the input unquoted.
> Example:
> http://localhost:50075/browseDirectory.jsp?dir=/<xss>&go=go&namenodeInfoPort=50070&nnaddr=localhost%3A9000
> Writes an input element as part of the response:
> <input name="dir" type="text" width="50" id"dir" value="/<xss>">
> - The value of the "value" attribute is not quoted. 
> - An = must follow the "id" attribute name.
> - Element "input" should have a closing tag.
> The output should be something like:
> <input name="dir" type="text" width="50" id="dir" value="/&lt;xss&gt;"/>
> In addition, if one creates a directory:
> hdfs dfs -put '/some/path/to/<xss>'
> Then browsing to the parent of directory '<xss>' prints unquoted HTML in the directory

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
