[ https://issues.apache.org/jira/browse/FLINK-2789?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Yu moved HBASE-14514 to FLINK-2789:
---------------------------------------

    Workflow: jira  (was: no-reopen-closed, patch-avail)
         Key: FLINK-2789  (was: HBASE-14514)
     Project: Flink  (was: HBase)

> Vulnerability to XSS attack due to printing HTML output
> -------------------------------------------------------
>
>                 Key: FLINK-2789
>                 URL: https://issues.apache.org/jira/browse/FLINK-2789
>             Project: Flink
>          Issue Type: Bug
>            Reporter: Ted Yu
>
> In flink-clients/src/main/java/org/apache/flink/client/web/PlanDisplayServlet.java :
> {code}
> writer.println(" // register the event handler for the 'run' button and activate zoom Buttons\n"
>     + " activateZoomButtons();"
>     + " $('#run_button').click(function () {\n" + " $('#run_button').remove();\n"
>     + " $.ajax( {" + " url: '/runJob'," + " data: { action: 'runsubmitted', id: '" + uid + "' },"
>     + " success: function () { alert('Job succesfully submitted');"
>     + (this.runtimeVisURL != null ? (" window.location = \"" + this.runtimeVisURL + "\"; },") : " },")
> {code}
> Printing HTML output induces XSS vulnerability

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
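
Added example, not part of the original report and not Flink's code or its eventual fix: one way to keep values such as `uid` and `runtimeVisURL` inside their quoted JavaScript literals when a servlet writes script text, as in the snippet quoted above. The class `JsLiteral`, the method `jsString` and the sample values are hypothetical.

```java
import java.io.PrintWriter;
import java.io.StringWriter;

// Added example: JsLiteral and jsString are hypothetical names, not Flink code.
public class JsLiteral {

    // Encodes a value for use inside a quoted JavaScript string that is
    // written into an inline script block. Only an allow-list passes through.
    static String jsString(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9')
                    || c == ' ' || c == '.' || c == '-' || c == '_';
            if (safe) {
                out.append(c);
            } else {
                // Quotes, backslashes, angle brackets, slashes, line breaks and
                // all other characters become a backslash-u hex escape, so the
                // value cannot close the string literal or the script element.
                out.append(String.format("\\u%04x", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values containing quote and tag characters.
        String uid = "job-1'\"</script>";
        String runtimeVisURL = "http://localhost:8081/vis?x=\"1\"";

        StringWriter buf = new StringWriter();
        PrintWriter writer = new PrintWriter(buf);
        writer.println(" $.ajax( { url: '/runJob',"
                + " data: { action: 'runsubmitted', id: '" + jsString(uid) + "' },"
                + " success: function () { alert('Job successfully submitted');"
                + (runtimeVisURL != null
                    ? (" window.location = \"" + jsString(runtimeVisURL) + "\"; },")
                    : " },")
                + " } );");
        writer.flush();
        System.out.print(buf);
    }
}
```

Encoding only keeps each value inside its string literal. A URL assigned to `window.location` is still navigated to, so its scheme and host need their own check against what the application expects.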