[
https://issues.apache.org/jira/browse/HADOOP-416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518888
]
Michael Bieniosek commented on HADOOP-416:
------------------------------------------
I've noticed that occasionally snippets of web pages make it to the log pages.
This could potentially be a security problem, so we should fix this. I don't
think <pre> is a great solution, since there could be a </pre> in the text.
It's probably better to escape &<>, or set the content-type to text/plain.
> Web UI JSP: need to HTML-Escape log file contents
> -------------------------------------------------
>
> Key: HADOOP-416
> URL: https://issues.apache.org/jira/browse/HADOOP-416
> Project: Hadoop
> Issue Type: Bug
> Components: mapred
> Reporter: Michel Tourn
> Assignee: Owen O'Malley
>
> Web UI JSP: need to HTML-Escape log (file) contents
> Displaying the task's error log or the mapred.Reporter status String:
> the content should
> have all "<" and ">" converted to "&lt;" and "&gt;",
> or use "<pre>" tag.
> Otherwise, any HTML/XML tags within will not be displayed correctly
> This problem occurs for ex. when using hadoopStreaming and
> a MapRed record is a chunk of HTML/XML content (and a task fails)
> ex. problematic view:
> http://jobtracker:50030/taskdetails.jsp?jobid=job_0009&taskid=tip_0009_m_000000
> Other jsp pages may also need a change.
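The two options discussed in this message, wrapping log text in `<pre>` versus escaping `&`, `<` and `>`, compared on one log line. This is an added example, not code from Hadoop or from the issue; the class name, method names and the sample log text are hypothetical and constructed for illustration.

```java
public class LogHtmlEscape {

    // Escape the three characters named in the comment: & < >.
    // '&' is handled in the same pass, so entities already present in the
    // log text (e.g. "&amp;") are displayed literally, not re-interpreted.
    static String escapeHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // The "<pre> only" approach: log text is embedded unmodified.
    static String renderWithPreOnly(String log) {
        return "<pre>" + log + "</pre>";
    }

    // Escaped output; <pre> is kept only to preserve line breaks.
    static String renderEscaped(String log) {
        return "<pre>" + escapeHtml(log) + "</pre>";
    }

    public static void main(String[] args) {
        // Constructed sample: a failed streaming task whose record was a chunk of HTML.
        String log = "java.io.IOException: bad record: </pre><h1>Welcome &amp; hello</h1>\n"
                   + "\tat ExampleMapper.map(ExampleMapper.java:42)";

        String preOnly = renderWithPreOnly(log);
        String escaped = renderEscaped(log);

        // With <pre> alone, the embedded </pre> closes the block early and <h1> is live markup.
        System.out.println("pre only, markup from log survives: " + preOnly.contains("<h1>"));
        // After escaping, the only tags left are the wrapper's own <pre> and </pre>.
        String inner = escaped.substring("<pre>".length(), escaped.length() - "</pre>".length());
        System.out.println("escaped, markup from log survives:  "
                + (inner.indexOf('<') >= 0 || inner.indexOf('>') >= 0));
        System.out.println(escaped);
    }
}
```

Escaping these three characters covers text placed in element content, which is where the log text appears here; text placed inside an attribute value would also need its quote characters escaped.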