HBASE-15120 Use appropriate encoding for "filter" field in TaskMonitorTmpl.jamon.
Signed-off-by: chenheng <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/9f8273e7 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/9f8273e7 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/9f8273e7 Branch: refs/heads/hbase-12439 Commit: 9f8273e7175954cf6dd4bf523b531bf9971749bb Parents: a807708 Author: Samir Ahmic <[email protected]> Authored: Tue Feb 16 12:04:37 2016 +0100 Committer: chenheng <[email protected]> Committed: Wed Feb 17 10:23:06 2016 +0800 ---------------------------------------------------------------------- .../hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/9f8273e7/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon ---------------------------------------------------------------------- diff --git a/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon b/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon index b4a5fea..c3c5d61 100644 --- a/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon +++ b/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon @@ -20,12 +20,22 @@ limitations under the License. java.util.*; org.apache.hadoop.hbase.monitoring.*; org.apache.hadoop.util.StringUtils; +org.owasp.esapi.ESAPI; +org.owasp.esapi.errors.EncodingException; </%import> <%args> TaskMonitor taskMonitor = TaskMonitor.get(); String filter = "general"; String format = "html"; </%args> +<%class> + public String encodeFilter() { + try { + return ESAPI.encoder().encodeForURL(filter); + }catch(EncodingException e) {} + return ESAPI.encoder().encodeForHTML(filter); + } +</%class> <%java> List<? extends MonitoredTask> tasks = taskMonitor.getTasks(); Iterator<? extends MonitoredTask> iter = tasks.iterator(); @@ -62,7 +72,7 @@ boolean first = true; <li <%if filter.equals("handler")%>class="active"</%if>><a href="?filter=handler">Show All RPC Handler Tasks</a></li> <li <%if filter.equals("rpc")%>class="active"</%if>><a href="?filter=rpc">Show Active RPC Calls</a></li> <li <%if filter.equals("operation")%>class="active"</%if>><a href="?filter=operation">Show Client Operations</a></li> - <li><a href="?format=json&filter=<% filter %>">View as JSON</a></li> + <li><a href="?format=json&filter=<% encodeFilter() %>">View as JSON</a></li> </ul> <%if tasks.isEmpty()%> <p>No tasks currently running on this node.</p>
