hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-17558) ZK dumping jsp should escape html
Date Fri, 27 Jan 2017 19:25:24 GMT
Sean Busbey created HBASE-17558:
-----------------------------------

             Summary: ZK dumping jsp should escape html 
                 Key: HBASE-17558
                 URL: https://issues.apache.org/jira/browse/HBASE-17558
             Project: HBase
          Issue Type: Bug
          Components: security, UI
            Reporter: Sean Busbey
            Priority: Minor


Right now the ZK status page in the master dumps data from ZK using ZKUtil without doing any
processing to e.g. escape HTML entities.

ie.:

{codE}
        <div class="container-fluid content">
            <div class="row inner_header">
                <div class="page-header">
                    <h1>ZooKeeper Dump</h1>
                </div>
            </div>
            <div class="row">
                <div class="span12">
                    <pre><%= ZKUtil.dump(watcher).trim() %></pre>
                </div>
            </div>
        </div>
{code}

current url: https://github.com/apache/hbase/blob/master/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp#L83



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message