[jira] [Updated] (HBASE-15329) Cross-Site Scripting: Reflected in table.jsp

Samir Ahmic (JIRA) Tue, 01 Mar 2016 11:37:48 -0800

     [ 
https://issues.apache.org/jira/browse/HBASE-15329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Samir Ahmic updated HBASE-15329:
--------------------------------
    Attachment: HBASE-15329_v0.patch

Here is simple patch encoding "fqtn" parameter for HTML to avoid XSS attack 
vector.

> Cross-Site Scripting: Reflected in table.jsp
> --------------------------------------------
>
>                 Key: HBASE-15329
>                 URL: https://issues.apache.org/jira/browse/HBASE-15329
>             Project: HBase
>          Issue Type: Bug
>          Components: security
>            Reporter: stack
>            Priority: Minor
>         Attachments: HBASE-15329_v0.patch
>
>
> Minor issue where we write back table name in a few places. Should clean it 
> up:
> {code}
>  } else { 
>       out.write("\n        <title>Table: ");
>       out.print( fqtn );
>       out.write("</title>\n    ");
>  } 
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (HBASE-15329) Cross-Site Scripting: Reflected in table.jsp

Reply via email to