[
https://issues.apache.org/jira/browse/HADOOP-6151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756959#action_12756959
]
Chris Douglas commented on HADOOP-6151:
---------------------------------------
{noformat}
[exec] -1 overall.
[exec]
[exec] +1 @author. The patch does not contain any @author tags.
[exec]
[exec] +1 tests included. The patch appears to include 2 new or
modified tests.
[exec]
[exec] -1 javadoc. The javadoc tool appears to have generated 1
warning messages.
[exec]
[exec] +1 javac. The applied patch does not increase the total number
of javac compiler warnings.
[exec]
[exec] +1 findbugs. The patch does not introduce any new Findbugs
warnings.
[exec]
[exec] +1 release audit. The applied patch does not increase the
total number of release audit warnings.
[javadoc] /snip/common/src/.../HtmlQuoting.java:145: warning - @return tag has
no arguments.
[javadoc] /snip/common/src/.../HtmlQuoting.java:73: warning - @param argument
"buffer" is not a parameter name.
[javadoc] /snip/common/src/.../HtmlQuoting.java:73: warning - @param argument
"add" is not a parameter name.
{noformat}
* The unit test should use JUnit4 test annotations instead of JUnit3 TestCase
* HttpServer::printRequest looks useful for debugging, but should probably be
left out
* The static \*Bytes fields should be final
* The @return docs for "needsQuoting" could be more explicit
> The servlets should quote html characters
> -----------------------------------------
>
> Key: HADOOP-6151
> URL: https://issues.apache.org/jira/browse/HADOOP-6151
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Owen O'Malley
> Assignee: Owen O'Malley
> Priority: Critical
> Fix For: 0.21.0
>
> Attachments: h6151.patch, h6151.patch
>
>
> We need to quote html characters that come from user generated data.
> Otherwise, all of the web ui's have cross site scripting attack, etc.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
