[ https://issues.apache.org/jira/browse/HBASE-17409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15797072#comment-15797072 ]
Ted Yu commented on HBASE-17409: -------------------------------- {code} 235 if (callbackName.matches("[A-Za-z0-9]+")) { {code} Should underscore be allowed ? > Re-fix XSS request issue in JMXJsonServlet > ------------------------------------------ > > Key: HBASE-17409 > URL: https://issues.apache.org/jira/browse/HBASE-17409 > Project: HBase > Issue Type: Sub-task > Components: security, UI > Reporter: Josh Elser > Assignee: Josh Elser > Fix For: 2.0.0, 1.4.0, 1.3.1 > > Attachments: HBASE-17409.001.patch > > > I have a patch here which should mitigate the XSS issue in this servlet > without the use of owasp. -- This message was sent by Atlassian JIRA (v6.3.4#6332)