David Smiley created SOLR-16476:
-----------------------------------
Summary: Don't need commons-text dependency in solr-core
Key: SOLR-16476
URL: https://issues.apache.org/jira/browse/SOLR-16476
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Reporter: David Smiley
I don't think we +really+ need commons-text in solr-core. I see it's for only
one usage:
https://github.com/apache/solr/blob/c99af207c761ec34812ef1cc3054eb2804b7448b/solr/core/src/java/org/apache/solr/servlet/LoadAdminUiServlet.java#L83
{noformat}
String[] search = new String[] {"${contextPath}", "${adminPath}", "${version}"};
String[] replace =
new String[] {
StringEscapeUtils.escapeEcmaScript(request.getContextPath()),
StringEscapeUtils.escapeEcmaScript(CommonParams.CORES_HANDLER_PATH),
StringEscapeUtils.escapeEcmaScript(pack.getSpecificationVersion())
};
{noformat}
But contextPath & adminPath are no longer in our admin pages. "version" is.
Regardless, I don't see why we need to escape EcmaScript; these variables come
from internal/validated sources that will not have user provided data that
could hack the pages.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
