hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hoss Man (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start & end keys)
Date Sat, 04 Apr 2009 22:55:12 GMT

    [ https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12695797#action_12695797
] 

Hoss Man commented on HBASE-1299:
---------------------------------

it's been a while since i did anything with JSPs, but as i recall JSP 1.2 had a standard taglib
for escaping variables when outputing them.

i would suggest that it might be worth while to convert all the JSPs to JSP 2.0 (aka: *.jspx)
where escaping variables on output is the default, because both the templates and the output
are garunteed to be wellformed XML (or xhtml if that's what you're goal is)

> JSPs don't HTML escape literals (ie: table names, region names, start & end keys)
> ---------------------------------------------------------------------------------
>
>                 Key: HBASE-1299
>                 URL: https://issues.apache.org/jira/browse/HBASE-1299
>             Project: Hadoop HBase
>          Issue Type: Bug
>    Affects Versions: 0.19.0, 0.19.1
>            Reporter: Hoss Man
>
> similar to HBASE-1298, the various JSPs included with HBase for monitoring the system
don't seem to do any HTML escaping when displaying user entered data which may contain special
characters: table names, region names, start Keys, or end Keys

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message