[
https://issues.apache.org/jira/browse/SOLR-1031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Erik Hatcher resolved SOLR-1031.
--------------------------------
Resolution: Fixed
patch applied, tested, and committed. thanks, Paul and Peter!
> XSS vulnerability in schema.jsp (patch included)
> ------------------------------------------------
>
> Key: SOLR-1031
> URL: https://issues.apache.org/jira/browse/SOLR-1031
> Project: Solr
> Issue Type: Bug
> Components: web gui
> Affects Versions: 1.2, 1.3
> Reporter: Paul Lovvik
> Attachments: SchemaXSS.patch, SOLR-1031.patch
>
>
> If javascript is embedded in any of the fields, it is possible for that
> javascript to be executed when viewing the schema.
> The javascript will appear in the "Top Terms" part of the UI.
> I have created a simple patch to prevent this problem from occurring.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
