hbase-issues mailing list archives

From "Ted Yu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-14514) Vulnerability to XSS attack due to printing HTML output
Date Wed, 30 Sep 2015 02:21:04 GMT
Ted Yu created HBASE-14514:
------------------------------

             Summary: Vulnerability to XSS attack due to printing HTML output
                 Key: HBASE-14514
                 URL: https://issues.apache.org/jira/browse/HBASE-14514
             Project: HBase
          Issue Type: Bug
            Reporter: Ted Yu


In flink-clients/src/main/java/org/apache/flink/client/web/PlanDisplayServlet.java :
{code}
// uid and this.runtimeVisURL are concatenated into the generated JavaScript without escaping
writer.println("        // register the event handler for the 'run' button and activate zoom Buttons\n"
                        + " activateZoomButtons();"
                        + "        $('#run_button').click(function () {\n" + "          $('#run_button').remove();\n"
                        + "          $.ajax( {" + " url: '/runJob'," + " data: { action: 'runsubmitted', id: '" + uid + "' },"
                        + " success: function () { alert('Job succesfully submitted');"
                        + (this.runtimeVisURL != null ? (" window.location = \"" + this.runtimeVisURL + "\"; },") : " },")
{code}
Printing HTML output induces XSS vulnerability



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
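
Added example (not part of the original message and not the project's code): one way to emit the same click handler with uid and runtimeVisURL escaped for a JavaScript string context and the redirect limited to http(s). The class and method names (RunButtonScript, escapeJsString, isHttpUrl, writeRunHandler) and the sample values are hypothetical, and the closing of the $.ajax call is assumed because the quoted fragment ends before it.

```java
import java.io.PrintWriter;
import java.net.URI;
import java.net.URISyntaxException;

public class RunButtonScript {

    // Escape a value for a quoted JavaScript string literal inside an inline <script>.
    // Every character outside [A-Za-z0-9] is written as a 4-digit Unicode escape, so
    // quotes, backslashes, '<', '/' and line terminators cannot end the literal or the tag.
    static String escapeJsString(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (alnum) {
                sb.append(c);
            } else {
                sb.append(String.format("\\u%04x", (int) c));
            }
        }
        return sb.toString();
    }

    // Accept only absolute http(s) URLs as redirect targets; escaping alone does not
    // stop a javascript: URL from being assigned to window.location.
    static boolean isHttpUrl(String url) {
        try {
            String scheme = new URI(url).getScheme();
            return "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // Hardened counterpart of the quoted fragment (assumed shape of the full handler).
    static void writeRunHandler(PrintWriter writer, String uid, String runtimeVisURL) {
        String redirect = (runtimeVisURL != null && isHttpUrl(runtimeVisURL))
                ? " window.location = '" + escapeJsString(runtimeVisURL) + "';" : "";
        writer.println("$('#run_button').click(function () {\n"
                + "  $('#run_button').remove();\n"
                + "  $.ajax({ url: '/runJob',"
                + " data: { action: 'runsubmitted', id: '" + escapeJsString(uid) + "' },"
                + " success: function () { alert('Job successfully submitted');" + redirect + " } });\n"
                + "});");
    }

    public static void main(String[] args) {
        PrintWriter out = new PrintWriter(System.out, true);
        // Constructed sample values: a uid containing a quote and a closing script tag.
        writeRunHandler(out, "job-42'</script>", "http://localhost:8081/vis?job=42");
    }
}
```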
