-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31678/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Ramesh Mani,
Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-284
https://issues.apache.org/jira/browse/RANGER-284
Repository: ranger
Description
-------
Escape HTML chars before displaying to prevent XSS
Diffs
-----
security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js ac3ab7d
Diff: https://reviews.apache.org/r/31678/diff/
Testing
-------
* Set user agent to something like this - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) <script>alert(1);</script>"
* Log in to policy admin with an incorrect username/password
* Log in as admin user
* Go to Audit tab --> Login Sessions
* Click on the failed login session id
* Click Login sessions
* No JavaScript alert should be shown.
Thanks,
Gautam Borad
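
The fix described above, as an added example that is not part of the original e-mail and is not Ranger's AuditLayout.js: a login-session row rendered without and with output escaping, plus a check matching the last testing step. The record fields and function names are hypothetical, and the sample record is constructed from the User-Agent given under Testing.

```javascript
// Added example; not code from the Ranger repository. All names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change HTML context in element
// content or quoted attribute values. null/undefined render as empty.
function escapeHtml(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed audit record for a failed login; userAgent is the
// client-supplied header value from the Testing steps.
const sampleSession = {
  id: 42,
  loginId: 'baduser',
  result: 'Wrong Password',
  userAgent: 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) <script>alert(1);</script>',
};

const FIELDS = ['id', 'loginId', 'result', 'userAgent'];

// "Before": stored header value is concatenated into markup as-is.
function renderSessionRowUnsafe(session) {
  return '<tr>' + FIELDS.map((f) => '<td>' + session[f] + '</td>').join('') + '</tr>';
}

// "After": every field is escaped at the point of output, so the
// User-Agent is displayed as text instead of being parsed as markup.
function renderSessionRowSafe(session) {
  return '<tr>' + FIELDS.map((f) => '<td>' + escapeHtml(session[f]) + '</td>').join('') + '</tr>';
}

// Regression check for "No JavaScript alert should be shown":
// the rendered row must not contain a raw <script> tag.
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}
```

Escaping at render time covers records that were already stored with a hostile User-Agent before the fix, which input filtering at login would not.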