Re: Review Request 58657: Remove user input from invalid renderer error message

Sebastian Toader Mon, 24 Apr 2017 01:55:32 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58657/#review172761
-----------------------------------------------------------



Ship it!




Ship It!

- Sebastian Toader


On April 24, 2017, 9:59 a.m., Attila Magyar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58657/
> -----------------------------------------------------------
> 
> (Updated April 24, 2017, 9:59 a.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and 
> Sebastian Toader.
> 
> 
> Bugs: AMBARI-20823
>     https://issues.apache.org/jira/browse/AMBARI-20823
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Remove user input from invalid renderer error message to avoid potential XSS 
> attacks.
> 
> throw new IllegalArgumentException("Invalid renderer name: " + name + " for 
> resource of type: " + m_type);
> should be removed and the error message changed to: "Invalid renderer name 
> for resource of type <resource type>"
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/api/resources/BaseResourceDefinition.java
>  99bcd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/api/resources/BaseResourceDefinitionTest.java
>  e076268 
> 
> 
> Diff: https://reviews.apache.org/r/58657/diff/1/
> 
> 
> Testing
> -------
> 
> modified existing unittest
> 
> existing tests: passed
> 
> 
> Thanks,
> 
> Attila Magyar
> 
>

Re: Review Request 58657: Remove user input from invalid renderer error message

Reply via email to