Ted Yu created HBASE-14514:
------------------------------
Summary: Vulnerability to XSS attack due to printing HTML output
Key: HBASE-14514
URL: https://issues.apache.org/jira/browse/HBASE-14514
Project: HBase
Issue Type: Bug
Reporter: Ted Yu
In flink-clients/src/main/java/org/apache/flink/client/web/PlanDisplayServlet.java:
{code}
writer.println(" // register the event handler for the 'run' button and activate zoom Buttons\n"
    + " activateZoomButtons();"
    + " $('#run_button').click(function () {\n" + " $('#run_button').remove();\n"
    + " $.ajax( {" + " url: '/runJob'," + " data: { action: 'runsubmitted', id: '" + uid + "' },"
    + " success: function () { alert('Job succesfully submitted');"
    + (this.runtimeVisURL != null ? (" window.location = \"" + this.runtimeVisURL + "\"; },") : " },")
{code}
Printing HTML output induces XSS vulnerability
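An added example, not part of the original report or the project's code: one way to emit the same script with `uid` and `runtimeVisURL` encoded for the JavaScript-string context, and with the redirect restricted to absolute http(s) URLs. The class and method names (`ScriptContextEncoding`, `jsString`, `isHttpUrl`, `runButtonScript`) are hypothetical, and the inputs in `main` are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ScriptContextEncoding {

    // Encode an untrusted value for use inside a quoted JavaScript string that is
    // itself written into an HTML <script> block. Everything outside a small
    // allowlist becomes a 4-hex-digit unicode escape, so quotes, backslashes,
    // '<' (as in "</script>") and line terminators cannot end the literal.
    static String jsString(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            boolean plain = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || " ./:_-".indexOf(c) >= 0;
            out.append(plain ? String.valueOf(c) : String.format("\\u%04x", (int) c));
        }
        return out.toString();
    }

    // Escaping alone does not stop a "javascript:" URL assigned to window.location,
    // so the redirect target must also be an absolute http(s) URL.
    static boolean isHttpUrl(String url) {
        try {
            URI u = new URI(url);
            String s = u.getScheme();
            return u.getHost() != null && ("http".equalsIgnoreCase(s) || "https".equalsIgnoreCase(s));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // Hypothetical rewrite of the handler-registration script from the report.
    static String runButtonScript(String uid, String runtimeVisURL) {
        StringBuilder js = new StringBuilder("$('#run_button').click(function () {\n")
            .append("  $('#run_button').remove();\n")
            .append("  $.ajax({ url: '/runJob', data: { action: 'runsubmitted', id: '")
            .append(jsString(uid)).append("' },\n    success: function () {\n");
        if (runtimeVisURL != null && isHttpUrl(runtimeVisURL)) {
            js.append("      window.location = \"").append(jsString(runtimeVisURL)).append("\";\n");
        }
        return js.append("    } });\n});").toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: one benign pair, one that tries to break out of the literal.
        System.out.println(runButtonScript("job-42", "http://localhost:8081/index.html"));
        System.out.println(runButtonScript("x' }}); alert(1); //</script>", "javascript:alert(1)"));
    }
}
```

For the second input the quote, braces and `<` in `uid` come out as unicode escapes inside the string literal, and the `window.location` line is omitted because the URL is not http(s).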