hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lars George (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start & end keys)
Date Sat, 04 Apr 2009 18:32:13 GMT

    [ https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12695774#action_12695774
] 

Lars George commented on HBASE-1299:
------------------------------------

I would have done this too while working on HBASE-1298 but I am not sure if there is nowadays
an equivalent to the URLEncode class that does HTML codepoint conversions. Or maybe there
is one somewhere already in the project in another library? Do you know?

If not this seems not to warrant adding for example Commons Lang:
  http://commons.apache.org/lang/api-release/org/apache/commons/lang/StringEscapeUtils.html

We could simply add a local helper that does the encoding, but I would like to know first
from the boss if that is advisable or what the general approach to this is. Please advise.

> JSPs don't HTML escape literals (ie: table names, region names, start & end keys)
> ---------------------------------------------------------------------------------
>
>                 Key: HBASE-1299
>                 URL: https://issues.apache.org/jira/browse/HBASE-1299
>             Project: Hadoop HBase
>          Issue Type: Bug
>    Affects Versions: 0.19.0, 0.19.1
>            Reporter: Hoss Man
>
> similar to HBASE-1298, the various JSPs included with HBase for monitoring the system
don't seem to do any HTML escaping when displaying user entered data which may contain special
characters: table names, region names, start Keys, or end Keys

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message