liang xie created HBASE-7184: -------------------------------- Summary: pre-check table name in table.jsp Key: HBASE-7184 URL: https://issues.apache.org/jira/browse/HBASE-7184 Project: HBase Issue Type: Improvement Components: UI Affects Versions: 0.94.2, 0.96.0 Reporter: liang xie Assignee: liang xie Attachments: HBASE-7184.txt
Currently the (table)name parameter in table.jsp isn't checked, it brings two problems at least: 1) 500 error for invalid value 2) directly written to JSP output, giving reflected XSS vulnerability we can do a parameter-checking -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira