hadoop-hdfs-issues mailing list archives

From "Suresh Srinivas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-4162) Some malformed and unquoted HTML strings are returned from datanode web ui
Date Fri, 09 Nov 2012 17:44:12 GMT

     [ https://issues.apache.org/jira/browse/HDFS-4162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Suresh Srinivas updated HDFS-4162:

       Resolution: Fixed
    Fix Version/s: 2.0.3-alpha
     Hadoop Flags: Reviewed
           Status: Resolved  (was: Patch Available)

Committed the change to branch-2 and trunk. Thank you Derek.

> Some malformed and unquoted HTML strings are returned from datanode web ui
> --------------------------------------------------------------------------
>                 Key: HDFS-4162
>                 URL: https://issues.apache.org/jira/browse/HDFS-4162
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: data-node
>    Affects Versions: 0.23.4
>            Reporter: Derek Dagit
>            Assignee: Derek Dagit
>            Priority: Minor
>             Fix For: 3.0.0, 2.0.3-alpha
>         Attachments: HDFS-4162-branch-0.23.patch, HDFS-4162.patch
> When browsing to the datanode at /browseDirectory.jsp, if a path with HTML characters is requested, the resulting error page echoes back the input unquoted.
> Example:
> http://localhost:50075/browseDirectory.jsp?dir=/<xss>&go=go&namenodeInfoPort=50070&nnaddr=localhost%3A9000
> Writes an input element as part of the response:
> <input name="dir" type="text" width="50" id"dir" value="/<xss>">
> - The value of the "value" attribute is not quoted. 
> - An = must follow the "id" attribute name.
> - Element "input" should have a closing tag.
> The output should be something like:
> <input name="dir" type="text" width="50" id="dir" value="/&lt;xss&gt;"/>
> In addition, if one creates a directory:
> hdfs dfs -put '/some/path/to/<xss>'
> Then browsing to the parent of directory '<xss>' prints unquoted HTML in the directory

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
