[
https://issues.apache.org/jira/browse/HADOOP-6151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12757256#action_12757256
]
Hudson commented on HADOOP-6151:
--------------------------------
Integrated in Hadoop-Common-trunk-Commit #38 (See
[http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/38/])
. Added a input filter to all of the http servlets that quotes
html characters in the parameters, to prevent cross site scripting
attacks. (omalley)
> The servlets should quote html characters
> -----------------------------------------
>
> Key: HADOOP-6151
> URL: https://issues.apache.org/jira/browse/HADOOP-6151
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Owen O'Malley
> Assignee: Owen O'Malley
> Priority: Critical
> Fix For: 0.21.0
>
> Attachments: h6151.patch, h6151.patch, h6151.patch, h6151.patch
>
>
> We need to quote html characters that come from user generated data.
> Otherwise, all of the web ui's have cross site scripting attack, etc.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
