hadoop-hdfs-issues mailing list archives

From "Derek Dagit (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-4162) Some malformed and unquoted HTML strings are returned from datanode web ui
Date Wed, 07 Nov 2012 22:22:14 GMT

     [ https://issues.apache.org/jira/browse/HDFS-4162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Derek Dagit updated HDFS-4162:

    Attachment: HDFS-4162-branch-0.23.patch
> Some malformed and unquoted HTML strings are returned from datanode web ui
> --------------------------------------------------------------------------
>                 Key: HDFS-4162
>                 URL: https://issues.apache.org/jira/browse/HDFS-4162
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: data-node
>    Affects Versions: 0.23.4
>            Reporter: Derek Dagit
>            Priority: Minor
>         Attachments: HDFS-4162-branch-0.23.patch, HDFS-4162.patch
> When browsing to the datanode at /browseDirectory.jsp, if a path with HTML characters is requested, the resulting error page echoes back the input unquoted.
> Example:
> http://localhost:50075/browseDirectory.jsp?dir=/<xss>&go=go&namenodeInfoPort=50070&nnaddr=localhost%3A9000
> Writes an input element as part of the response:
> <input name="dir" type="text" width="50" id"dir" value="/<xss>">
> - The value of the "value" attribute is not quoted. 
> - An = must follow the "id" attribute name.
> - Element "input" should have a closing tag.
> The output should be something like:
> <input name="dir" type="text" width="50" id="dir" value="/&lt;xss&gt;"/>
> In addition, if one creates a directory:
> hdfs dfs -put '/some/path/to/<xss>'
> Then browsing to the parent of directory '<xss>' prints unquoted HTML in the directory

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira