[
https://issues.apache.org/jira/browse/HDFS-11441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron T. Myers updated HDFS-11441:
----------------------------------
Attachment: HDFS-11441.patch
Thanks a lot for the review, [~andrew.wang]. You're quite right - turns out
there's a quoting input filter that handles escaping for anything using
{{HttpServer}} or {{HttpServer2}}. I manually checked every instance I was
trying to fix in this patch, and the only thing that isn't covered is the
{{KMSAuthenticationFilter}}, which runs using Tomcat, and so I don't think has
any quoting to this point.
Attaching a new patch which just covers that spot.
> Add escaping to error messages in web UIs
> -----------------------------------------
>
> Key: HDFS-11441
> URL: https://issues.apache.org/jira/browse/HDFS-11441
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Affects Versions: 2.8.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Priority: Minor
> Attachments: HDFS-11441-branch-2.6.patch, HDFS-11441.patch,
> HDFS-11441.patch
>
>
> There's a handful of places where web UIs don't escape error messages. We
> should add escaping in these places.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
