-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31678/#review75025
-----------------------------------------------------------

Ship it!

Ship It!

- Velmurugan Periasamy


On March 3, 2015, 11:18 a.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31678/
> -----------------------------------------------------------
>
> (Updated March 3, 2015, 11:18 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Madhan Neethiraj, Ramesh Mani,
> Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-284
>     https://issues.apache.org/jira/browse/RANGER-284
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Escape HTML chars before displaying to prevent XSS
>
>
> Diffs
> -----
>
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js ac3ab7d
>
> Diff: https://reviews.apache.org/r/31678/diff/
>
>
> Testing
> -------
>
> * Set user agent to something like this - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) <script>alert(1);</script>"
> * Login to policy admin with an incorrect username/password
> * Login as admin user
> * Go to Audit tab --> Login Sessions
> * Click on the failed login session id
> * Click Login sessions
> * No javascript alert should be shown.
>
>
> Thanks,
>
> Gautam Borad
>
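
The behaviour the Testing steps check for, as an added example that is not part of the review thread and is not code from AuditLayout.js: a stored User-Agent value rendered into a login-session row without and with HTML escaping. The record layout and every function name here are hypothetical.

```javascript
// Added illustration; not code from AuditLayout.js. All names are hypothetical.

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every HTML-significant character with its entity.
function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed audit record: a failed login whose User-Agent header is the
// string from the Testing steps. The header is client-controlled and is
// assumed to be stored unchanged by the audit logger.
const sampleSession = {
  id: 42, // constructed value
  loginId: 'nosuchuser',
  result: 'Wrong Password',
  userAgent: 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) <script>alert(1);</script>',
};

// Before: stored values are concatenated into markup, so the <script> element
// in the User-Agent becomes part of the page an admin opens.
function renderSessionUnsafe(s) {
  return '<tr><td>' + s.id + '</td><td>' + s.loginId + '</td><td>' + s.result +
    '</td><td title="' + s.userAgent + '">' + s.userAgent + '</td></tr>';
}

// After: every stored field is escaped at the point of output, both in element
// text and in the quoted attribute value.
function renderSessionEscaped(s) {
  const cells = [s.id, s.loginId, s.result].map((v) => '<td>' + escapeHtml(v) + '</td>');
  const ua = escapeHtml(s.userAgent);
  cells.push('<td title="' + ua + '">' + ua + '</td>');
  return '<tr>' + cells.join('') + '</tr>';
}

// Regression check mirroring the last Testing step: no script element survives.
function containsScriptTag(html) {
  return /<\s*script\b/i.test(html);
}
```
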
