Return-Path: Delivered-To: apmail-hadoop-hbase-dev-archive@minotaur.apache.org Received: (qmail 48423 invoked from network); 4 Apr 2009 18:32:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 4 Apr 2009 18:32:37 -0000 Received: (qmail 49744 invoked by uid 500); 4 Apr 2009 18:32:37 -0000 Delivered-To: apmail-hadoop-hbase-dev-archive@hadoop.apache.org Received: (qmail 49687 invoked by uid 500); 4 Apr 2009 18:32:37 -0000 Mailing-List: contact hbase-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hbase-dev@hadoop.apache.org Delivered-To: mailing list hbase-dev@hadoop.apache.org Received: (qmail 49366 invoked by uid 99); 4 Apr 2009 18:32:36 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Apr 2009 18:32:36 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Apr 2009 18:32:34 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 2E18F234C056 for ; Sat, 4 Apr 2009 11:32:13 -0700 (PDT) Message-ID: <1722123757.1238869933187.JavaMail.jira@brutus> Date: Sat, 4 Apr 2009 11:32:13 -0700 (PDT) From: "Lars George (JIRA)" To: hbase-dev@hadoop.apache.org Subject: [jira] Commented: (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start & end keys) In-Reply-To: <557411898.1238435570944.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12695774#action_12695774 ] Lars George commented on HBASE-1299: ------------------------------------ I would have done this too while working on HBASE-1298 but I am not sure if there is nowadays an equivalent to the URLEncode class that does HTML codepoint conversions. Or maybe there is one somewhere already in the project in another library? Do you know? If not this seems not to warrant adding for example Commons Lang: http://commons.apache.org/lang/api-release/org/apache/commons/lang/StringEscapeUtils.html We could simply add a local helper that does the encoding, but I would like to know first from the boss if that is advisable or what the general approach to this is. Please advise. > JSPs don't HTML escape literals (ie: table names, region names, start & end keys) > --------------------------------------------------------------------------------- > > Key: HBASE-1299 > URL: https://issues.apache.org/jira/browse/HBASE-1299 > Project: Hadoop HBase > Issue Type: Bug > Affects Versions: 0.19.0, 0.19.1 > Reporter: Hoss Man > > similar to HBASE-1298, the various JSPs included with HBase for monitoring the system don't seem to do any HTML escaping when displaying user entered data which may contain special characters: table names, region names, start Keys, or end Keys -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.