----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55691/#review162303 -----------------------------------------------------------
Hi, seems set `document.cookie` could work instead of use localstorage. The problem of localstorage is not supported some old browsers. Have you try set cookie before? src/webui/master/static/pailer.html (lines 46 - 68) <https://reviews.apache.org/r/55691/#comment233636> I think we remove this snippet? src/webui/master/static/pailer.html (line 80) <https://reviews.apache.org/r/55691/#comment233635> I think we could `localStorage.getItem/removeItem` above and use it here directly? - haosdent huang On Jan. 18, 2017, 11:40 p.m., Jacob Janco wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/55691/ > ----------------------------------------------------------- > > (Updated Jan. 18, 2017, 11:40 p.m.) > > > Review request for mesos, haosdent huang and Jiang Yan Xu. > > > Bugs: MESOS-6947 > https://issues.apache.org/jira/browse/MESOS-6947 > > > Repository: mesos > > > Description > ------- > > Fix XSS vulnerability in pailer invocation. > > > Diffs > ----- > > src/webui/master/static/js/controllers.js > 388ca2447716cbc7141da6a20daf2340621a16e8 > src/webui/master/static/pailer.html > 19e0981143bd7e8372b49f4f036867e9dd05727a > > Diff: https://reviews.apache.org/r/55691/diff/ > > > Testing > ------- > > make -j8 + test framework + checking pailer representation of files in sandbox > > > Thanks, > > Jacob Janco > >
