hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-17561) table status page should escape values that may contain arbitrary characters.
Date Wed, 22 Feb 2017 07:52:44 GMT

     [ https://issues.apache.org/jira/browse/HBASE-17561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sean Busbey updated HBASE-17561:
--------------------------------
       Resolution: Fixed
    Fix Version/s: 1.1.10
                   1.2.5
                   1.3.1
                   1.4.0
                   2.0.0
           Status: Resolved  (was: Patch Available)

> table status page should escape values that may contain arbitrary characters.
> -----------------------------------------------------------------------------
>
>                 Key: HBASE-17561
>                 URL: https://issues.apache.org/jira/browse/HBASE-17561
>             Project: HBase
>          Issue Type: Sub-task
>          Components: master, UI
>            Reporter: Sean Busbey
>            Assignee: Sean Busbey
>             Fix For: 2.0.0, 1.4.0, 1.3.1, 1.2.5, 1.1.10
>
>         Attachments: HBASE-17561.0.patch
>
>
> We write out table names to an html document without escaping html entities
> e.g. in this case it even comes directly from the request
> {code}
>     <meta charset="utf-8">
>     <% if ( !readOnly && action != null ) { %>
>         <title>HBase Master: <%= master.getServerName() %></title>
>     <% } else { %>
>         <title>Table: <%= fqtn %></title>
>     <% } %>
> {code}
> in https://github.com/apache/hbase/blob/master/hbase-server/src/main/resources/hbase-webapps/master/table.jsp



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message