hadoop-hdfs-issues mailing list archives

From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-11441) Add escaping to error message in KMS web UI
Date Mon, 06 Mar 2017 19:20:32 GMT

    [ https://issues.apache.org/jira/browse/HDFS-11441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15897869#comment-15897869 ]

Andrew Wang commented on HDFS-11441:
------------------------------------

The threat here is if someone injects bad input into an exception message, which is then viewed
in a browser. This seems pretty unlikely to me considering users do not interact with the
KMS via a browser. I don't think it's a critical.

Let's leave it to 2.8.1 then, thanks!

> Add escaping to error message in KMS web UI
> -------------------------------------------
>
>                 Key: HDFS-11441
>                 URL: https://issues.apache.org/jira/browse/HDFS-11441
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.8.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>            Priority: Minor
>             Fix For: 2.9.0, 3.0.0-alpha3, 2.8.1
>
>         Attachments: HDFS-11441-branch-2.6.patch, HDFS-11441.patch, HDFS-11441.patch
>
>
> There's a handful of places where web UIs don't escape error messages. We should add
> escaping in these places.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
