Akhilsnaik opened a new pull request #3453: ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attack
URL: https://github.com/apache/zeppelin/pull/3453

### What is this PR for?
Fix of: ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attack

Issue reproduction steps:
- create a notebook
- give the permission to notebook as: `<script>alert('hi')</script>` (press space after writing this, not enter key)
- after this, try to delete the notebook; the BootstrapDialog that pops up stating insufficient privileges is vulnerable to XSS attack

### What type of PR is it?
BUG FIX ZEPPELIN-4335

### Todos

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-4335

### How should this be tested?
Test as per reproduction steps:
- create a notebook
- give the permission to notebook as: `<script>alert('hi')</script>` (press space after writing this, not enter key)
- after this, try to delete the notebook; the BootstrapDialog that pops up stating insufficient privileges is vulnerable to XSS attack

### Questions:
* Do the license files need an update? No
* Are there breaking changes for older versions? No
* Does this need documentation? No
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
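The unescaped permission entry described in the pull request above, as an added example that is not part of the original message or Zeppelin's own code: a dialog message built from permission entries, first concatenated raw and then HTML-escaped before it reaches a dialog that renders its message as HTML. The function names and the message wording are hypothetical.

```javascript
// Added illustration. Function names and message wording are hypothetical,
// not taken from Zeppelin.

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable shape: permission entries are concatenated into markup as-is,
// so a stored entry containing a tag becomes part of the dialog's HTML.
function buildMessageUnsafe(owners) {
  return 'Insufficient privileges. Allowed owners: ' + owners.join(', ');
}

// Hardened shape: every user-controlled entry is escaped before it is
// placed into the string handed to the HTML-rendering dialog.
function buildMessageSafe(owners) {
  return 'Insufficient privileges. Allowed owners: ' + owners.map(escapeHtml).join(', ');
}

// Regression check for unit tests: does the string still contain a tag opener?
function containsMarkup(html) {
  return /<\s*\/?\s*[a-zA-Z]/.test(html);
}

// Constructed sample input: the permission entry from the reproduction steps.
const owners = ["<script>alert('hi')</script>", 'admin'];

console.log('unsafe:', buildMessageUnsafe(owners));
console.log('safe:  ', buildMessageSafe(owners));
console.log('markup survives (unsafe):', containsMarkup(buildMessageUnsafe(owners)));
console.log('markup survives (safe):  ', containsMarkup(buildMessageSafe(owners)));
```

Escaping at the point where the string is assembled for the dialog keeps the stored permission value unchanged while preventing it from being parsed as markup.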
