This is an automated email from the ASF dual-hosted git repository. akovalenko pushed a commit to branch branch-2.7 in repository https://gitbox.apache.org/repos/asf/ambari.git
commit c0108addcb41f4d185293d347003e62ee8f687ce Author: Aleksandr Kovalenko <[email protected]> AuthorDate: Thu Sep 13 13:12:37 2018 +0300 AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko) --- ambari-web/app/messages.js | 4 ++-- ambari-web/app/templates/common/host_progress_popup.hbs | 2 +- ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs | 2 +- ambari-web/app/templates/main/alerts/definition_details.hbs | 2 +- ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs | 6 +++--- ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs | 4 ++-- ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs | 4 ++-- ambari-web/app/templates/main/host/logs.hbs | 2 +- ambari-web/app/templates/main/service/info/summary.hbs | 4 ++-- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/ambari-web/app/messages.js b/ambari-web/app/messages.js index 6883dc5..81f62e9 100644 --- a/ambari-web/app/messages.js +++ b/ambari-web/app/messages.js @@ -29,7 +29,7 @@ Em.I18n.translations = { 'app.redirectIssuePopup.header': 'Login Redirect Issue', 'app.redirectIssuePopup.body': 'For single sign-on, make sure that Knox Gateway and Ambari Server are located on the same host or subdomain.' + '<br/>Alternatively login as an Ambari local user using the local login page.<br />' + - '<a href="{0}" target="_blank">{0}</a>', + '<a rel="noopener noreferrer" href="{0}" target="_blank">{0}</a>', 'app.loadingPlaceholder': 'Loading...', 'app.versionMismatchAlert.title': 'Ambari Server / Web Client Version Mismatch', 
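Review bot: In `app.redirectIssuePopup.body`, `{0}` is substituted twice into a raw HTML string, once inside the `href` attribute and once as the link text. The same applies to `{3}` in `services.service.config.database.msg.jdbcSetup.detailed` in the next hunk. The call sites that format these messages are outside this diff, so it is worth confirming that the values are HTML-escaped and limited to http(s) URLs before substitution; the added `rel` does not cover that. A comment above the key, e.g. `// {0}: HTML-escaped http(s) URL, inserted as markup`, would make the contract explicit for callers and translators.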
@@ -2349,7 +2349,7 @@ Em.I18n.translations = { 'services.service.config.configHistory.makeCurrent.message': 'Created from service config version {0}', 'services.service.config.configHistory.comparing': 'Comparing Changes in', 'services.service.config.setRecommendedValue': 'Set Recommended', - 'services.service.config.database.msg.jdbcSetup.detailed': 'To use {0} with {6}, you must <a href="{3}" target="_blank">' + + 'services.service.config.database.msg.jdbcSetup.detailed': 'To use {0} with {6}, you must <a rel="noopener noreferrer" href="{3}" target="_blank">' + 'download the {4} from {0}</a>. Once downloaded to the Ambari Server host, run: <br/>' + '<b>ambari-server setup --jdbc-db={1} --jdbc-driver=/path/to/{1}/{2}</b>', diff --git a/ambari-web/app/templates/common/host_progress_popup.hbs b/ambari-web/app/templates/common/host_progress_popup.hbs index ec36333..a7e3b98 100644 --- a/ambari-web/app/templates/common/host_progress_popup.hbs +++ b/ambari-web/app/templates/common/host_progress_popup.hbs @@ -343,7 +343,7 @@ <strong class="muted">{{hostLog.fileName}}</strong> {{#view App.LogSearchUILinkView linkQueryParamsBinding="hostLog.linkTail" tagName="span"}} <a {{bindAttr href="view.formatedLink" class=":pull-right view.isLodaded::disabled"}} - target="_blank"> + target="_blank" rel="noopener noreferrer"> <i class="icon-external-link"></i> {{t popup.logTail.openInLogSearch}}</a> {{/view}} diff --git a/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs b/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs index 1b0a6d0..2f42c6e 100644 --- a/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs +++ b/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs 
@@ -29,7 +29,7 @@ <i class="icon-external-link"></i> {{t common.open}} </a> - <a class="open-in-log-search" {{bindAttr href="view.logSearchUrl"}} target="_blank"> + <a class="open-in-log-search" {{bindAttr href="view.logSearchUrl"}} target="_blank" rel="noopener noreferrer"> <i class="icon-external-link"></i> {{t popup.logTail.openInLogSearch}} </a> diff --git a/ambari-web/app/templates/main/alerts/definition_details.hbs b/ambari-web/app/templates/main/alerts/definition_details.hbs index 7423cb0..e721db7 100644 --- a/ambari-web/app/templates/main/alerts/definition_details.hbs +++ b/ambari-web/app/templates/main/alerts/definition_details.hbs @@ -193,7 +193,7 @@ {{#if controller.content.hasHelpUrl}} <div class="row"> <div class="col-md-5 property-name">{{t alerts.table.header.helpUrl}}:</div> - <div class="col-md-7"><label for=""><a {{bindAttr href="controller.content.helpUrl"}} target="_blank">{{t common.link}}</a></label></div> + <div class="col-md-7"><label for=""><a {{bindAttr href="controller.content.helpUrl"}} target="_blank" rel="noopener noreferrer">{{t common.link}}</a></label></div> </div> {{/if}} </div> diff --git a/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs index fe7cad4..8fb2b89 100644 --- a/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs +++ b/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs @@ -54,7 +54,7 @@ <td> {{#if view.activeMaster}} <a {{bindAttr href="view.hbaseMasterWebUrl"}} - target="_blank">{{t dashboard.services.hbase.masterWebUI}}</a> + target="_blank" rel="noopener noreferrer">{{t dashboard.services.hbase.masterWebUI}}</a> {{else}} {{t services.service.summary.notAvailable}} {{/if}} 
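Review bot: In definition_details.hbs, `controller.content.helpUrl` is bound straight into `href`, and `rel="noopener noreferrer"` only severs the opener reference; it does not constrain where the link points or which scheme it uses. Where the help URL comes from is not visible in this diff. If it is editable as part of an alert definition, it should be checked to be an absolute `http:` or `https:` URL before `hasHelpUrl` becomes true. A template comment next to the link, e.g. `{{! helpUrl: expected to be validated as http(s) in the model - confirm }}`, would record that assumption.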
@@ -81,7 +81,7 @@ <a href="javascript:void(null)">{{quickLinks.publicHostNameLabel}} </a> <ul class="dropdown-menu"> {{#each quickLinks}} - <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li> + <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li> {{/each}} </ul> </li> @@ -89,7 +89,7 @@ {{/each}} {{else}} {{#each view.quickLinks}} - <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li> + <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li> {{/each}} {{/if}} {{else}} diff --git a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs index 4b0669b..7e482b0 100644 --- a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs +++ b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs @@ -101,7 +101,7 @@ <a href="javascript:void(null)">{{quickLinks.publicHostNameLabel}} </a> <ul class="dropdown-menu"> {{#each quickLinks}} - <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li> + <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li> {{/each}} </ul> </li> @@ -109,7 +109,7 @@ {{/each}} {{else}} {{#each view.quickLinks}} - <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li> + <li><a {{bindAttr href="url"}} target="_blank rel="noopener noreferrer"">{{label}}</a></li> {{/each}} {{/if}} {{else}} diff --git a/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs index 68bb54b..0ac48a7 100644 --- a/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs +++ b/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs 
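Review bot: In hdfs_links.hbs, second hunk (`@@ -109,7 +109,7 @@`), the added anchor has its quotes misplaced: `target="_blank rel="noopener noreferrer"">`. A browser will read the target value as `_blank rel=` and will not see a `rel` attribute at all, so this link keeps the opener reference the commit is meant to remove, and the quick links in this branch open in one shared named window instead of a new tab. The line should read `<li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>`, matching the first hunk of the same file. A template lint or test asserting that every `target="_blank"` anchor has a `rel` containing `noopener` would catch this kind of slip.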
@@ -66,7 +66,7 @@ <a href="javascript:void(null)">{{quickLinks.publicHostNameLabel}} </a> <ul class="dropdown-menu"> {{#each quickLinks}} - <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li> + <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li> {{/each}} </ul> </li> @@ -74,7 +74,7 @@ {{/each}} {{else}} {{#each view.quickLinks}} - <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li> + <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li> {{/each}} {{/if}} {{else}} diff --git a/ambari-web/app/templates/main/host/logs.hbs b/ambari-web/app/templates/main/host/logs.hbs index 6d4066b..3ec1f35 100644 --- a/ambari-web/app/templates/main/host/logs.hbs +++ b/ambari-web/app/templates/main/host/logs.hbs @@ -43,7 +43,7 @@ <div> <a {{action openLogFile row file.filePath target="view.parentView"}} href="#" rel="log-file-name-tooltip" {{bindAttr data-original-title="file.filePath"}}>{{file.fileName}}</a> {{#view App.LogSearchUILinkView linkQueryParamsBinding="file.linkTail" tagName="span"}} - <a {{bindAttr href="view.formatedLink"}} target="_blank" rel="log-file-name-tooltip" {{translateAttr title="popup.logTail.openInLogSearch"}} class="pull-right external-link"> + <a {{bindAttr href="view.formatedLink"}} target="_blank" rel="log-file-name-tooltip noopener noreferrer" {{translateAttr title="popup.logTail.openInLogSearch"}} class="pull-right external-link"> <i class="icon-external-link"></i> {{t popup.logTail.openInLogSearch}} </a> diff --git a/ambari-web/app/templates/main/service/info/summary.hbs b/ambari-web/app/templates/main/service/info/summary.hbs index c100fca..f9e3131 100644 --- a/ambari-web/app/templates/main/service/info/summary.hbs +++ b/ambari-web/app/templates/main/service/info/summary.hbs 
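Review bot: In logs.hbs, `rel` is already used as a script hook (`rel="log-file-name-tooltip"`, also on the first anchor in the hunk's context), and the new value `log-file-name-tooltip noopener noreferrer` will no longer match an exact-value selector. The tooltip initialisation is not visible in this diff; if it selects with `[rel="log-file-name-tooltip"]` or `[rel=log-file-name-tooltip]`, the tooltip on this link stops working. Either switch that selector to the token form `[rel~="log-file-name-tooltip"]`, or move the hook to a class or `data-` attribute so that `rel` carries only link-relation tokens.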
@@ -98,7 +98,7 @@ {{#each quickLinks in group.links}} <h6>{{quickLinks.publicHostNameLabel}}</h6> {{#each quickLinks}} - <a {{bindAttr href="url"}} target="_blank">{{label}}</a> + <a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a> {{/each}} {{/each}} </div> @@ -106,7 +106,7 @@ {{else}} {{#if view.quickLinks}} {{#each view.quickLinks}} - <a {{bindAttr href="url"}} target="_blank">{{label}}</a> + <a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a> {{/each}} {{else}} <div class="alert alert-danger">
