[
https://issues.apache.org/jira/browse/HBASE-17409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15799212#comment-15799212
]
Josh Elser commented on HBASE-17409:
------------------------------------
bq. Should underscore be allowed ?
It's up to us. We can add that in and I don't think it would have any
implications.
It looks like the full list of valid of javascript function names is rather
long/intense
(http://stackoverflow.com/questions/1661197/what-characters-are-valid-for-javascript-variable-names).
Choosing alphanumeric just makes things easier :). Happy to add the underscore
if you think that's a good idea, Ted.
> Re-fix XSS request issue in JMXJsonServlet
> ------------------------------------------
>
> Key: HBASE-17409
> URL: https://issues.apache.org/jira/browse/HBASE-17409
> Project: HBase
> Issue Type: Sub-task
> Components: security, UI
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 2.0.0, 1.4.0, 1.3.1
>
> Attachments: HBASE-17409.001.patch
>
>
> I have a patch here which should mitigate the XSS issue in this servlet
> without the use of owasp.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
