[jira] [Updated] (HBASE-17558) ZK dumping jsp should escape html

Fri, 27 Jan 2017 11:49:43 -0800 

     [ 
https://issues.apache.org/jira/browse/HBASE-17558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sean Busbey updated HBASE-17558:
--------------------------------
    Description: 
Right now the ZK status page in the master dumps data from ZK using ZKUtil 
without doing any processing to e.g. escape HTML entities.

ie.:

{code}
        <div class="container-fluid content">
            <div class="row inner_header">
                <div class="page-header">
                    <h1>ZooKeeper Dump</h1>
                </div>
            </div>
            <div class="row">
                <div class="span12">
                    <pre><%= ZKUtil.dump(watcher).trim() %></pre>
                </div>
            </div>
        </div>
{code}

current url: 
https://github.com/apache/hbase/blob/master/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp#L83

  was:
Right now the ZK status page in the master dumps data from ZK using ZKUtil 
without doing any processing to e.g. escape HTML entities.

ie.:

{codE}
        <div class="container-fluid content">
            <div class="row inner_header">
                <div class="page-header">
                    <h1>ZooKeeper Dump</h1>
                </div>
            </div>
            <div class="row">
                <div class="span12">
                    <pre><%= ZKUtil.dump(watcher).trim() %></pre>
                </div>
            </div>
        </div>
{code}

current url: 
https://github.com/apache/hbase/blob/master/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp#L83


> ZK dumping jsp should escape html 
> ----------------------------------
>
>                 Key: HBASE-17558
>                 URL: https://issues.apache.org/jira/browse/HBASE-17558
>             Project: HBase
>          Issue Type: Bug
>          Components: security, UI
>            Reporter: Sean Busbey
>            Priority: Minor
>
> Right now the ZK status page in the master dumps data from ZK using ZKUtil 
> without doing any processing to e.g. escape HTML entities.
> ie.:
> {code}
>         <div class="container-fluid content">
>             <div class="row inner_header">
>                 <div class="page-header">
>                     <h1>ZooKeeper Dump</h1>
>                 </div>
>             </div>
>             <div class="row">
>                 <div class="span12">
>                     <pre><%= ZKUtil.dump(watcher).trim() %></pre>
>                 </div>
>             </div>
>         </div>
> {code}
> current url: 
> https://github.com/apache/hbase/blob/master/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp#L83



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to