[ 
https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12695797#action_12695797
 ] 

Hoss Man commented on HBASE-1299:
---------------------------------

it's been a while since i did anything with JSPs, but as i recall JSP 1.2 had a 
standard taglib for escaping variables when outputting them.

i would suggest that it might be worthwhile to convert all the JSPs to JSP 2.0 
(aka: *.jspx) where escaping variables on output is the default, because both 
the templates and the output are guaranteed to be well-formed XML (or xhtml if 
that's what your goal is)

> JSPs don't HTML escape literals (ie: table names, region names, start & end 
> keys)
> ---------------------------------------------------------------------------------
>
>                 Key: HBASE-1299
>                 URL: https://issues.apache.org/jira/browse/HBASE-1299
>             Project: Hadoop HBase
>          Issue Type: Bug
>    Affects Versions: 0.19.0, 0.19.1
>            Reporter: Hoss Man
>
> similar to HBASE-1298, the various JSPs included with HBase for monitoring 
> the system don't seem to do any HTML escaping when displaying user entered 
> data which may contain special characters: table names, region names, start 
> Keys, or end Keys

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
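
The escaping gap described in the issue, shown next to a taglib-escaped version. This is an added example, not code from HBase or from the message above; it assumes a JSP 2.0 container with JSTL 1.1 on the classpath, and the attribute names and sample values are constructed for illustration.

```jsp
<%-- Added example: attribute names and values are constructed, not HBase's. --%>
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%
  // Constructed values containing HTML special characters, standing in for
  // a user-entered table name and region start/end keys.
  pageContext.setAttribute("tableName", "orders<b>&\"2009\"");
  pageContext.setAttribute("startKey", "row<1>");
  pageContext.setAttribute("endKey", "row&'9'");
%>
<html>
<body>
<table>
  <tr><th>Table</th><th>Start Key</th><th>End Key</th></tr>

  <%-- Unescaped: a scriptlet expression writes the value as-is, so '<', '&'
       and quotes in the name are parsed by the browser as markup. --%>
  <tr>
    <td><%= pageContext.getAttribute("tableName") %></td>
    <td><%= pageContext.getAttribute("startKey") %></td>
    <td><%= pageContext.getAttribute("endKey") %></td>
  </tr>

  <%-- Escaped: c:out (escapeXml defaults to true) rewrites < > & ' " as
       character entities. A bare EL expression in template text is written
       without escaping, so element content goes through c:out and attribute
       values through fn:escapeXml. --%>
  <tr>
    <td><c:out value="${tableName}"/></td>
    <td><c:out value="${startKey}"/></td>
    <td title="${fn:escapeXml(endKey)}"><c:out value="${endKey}"/></td>
  </tr>
</table>
</body>
</html>
```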
