Jacob Janco created MESOS-6947:
----------------------------------
Summary: Fix pailer XSS vulnerability
Key: MESOS-6947
URL: https://issues.apache.org/jira/browse/MESOS-6947
Project: Mesos
Issue Type: Improvement
Components: webui
Reporter: Jacob Janco
Assignee: Jacob Janco
There exists an XSS vulnerability in pailer.html.
`window.name` can be set to an external domain serving js which is wrapped in
`<script>` tags by the `getJSON` async call. A detailed example will follow
acceptance of the patch.