liang xie created HBASE-7184:
--------------------------------
Summary: pre-check table name in table.jsp
Key: HBASE-7184
URL: https://issues.apache.org/jira/browse/HBASE-7184
Project: HBase
Issue Type: Improvement
Components: UI
Affects Versions: 0.94.2, 0.96.0
Reporter: liang xie
Assignee: liang xie
Attachments: HBASE-7184.txt
Currently the (table)name parameter in table.jsp isn't checked, it brings two
problems at least:
1) 500 error for invalid value
2) directly written to JSP output, giving reflected XSS vulnerability
we can do a parameter-checking
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
