[jira] [Commented] (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start end keys)
[ https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13508896#comment-13508896 ] Sergey Shelukhin commented on HBASE-1299: - +1 on patch JSPs don't HTML escape literals (ie: table names, region names, start end keys) - Key: HBASE-1299 URL: https://issues.apache.org/jira/browse/HBASE-1299 Project: HBase Issue Type: Bug Affects Versions: 0.19.0, 0.19.1 Reporter: Hoss Man Assignee: Nick Dimiduk Attachments: 1299.patch similar to HBASE-1298, the various JSPs included with HBase for monitoring the system don't seem to do any HTML escaping when displaying user entered data which may contain special characters: table names, region names, start Keys, or end Keys -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start end keys)
[ https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13508966#comment-13508966 ] Elliott Clark commented on HBASE-1299: -- +1 JSPs don't HTML escape literals (ie: table names, region names, start end keys) - Key: HBASE-1299 URL: https://issues.apache.org/jira/browse/HBASE-1299 Project: HBase Issue Type: Bug Affects Versions: 0.19.0, 0.19.1 Reporter: Hoss Man Assignee: Nick Dimiduk Attachments: 1299.patch similar to HBASE-1298, the various JSPs included with HBase for monitoring the system don't seem to do any HTML escaping when displaying user entered data which may contain special characters: table names, region names, start Keys, or end Keys -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start end keys)
[ https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13508990#comment-13508990 ] Nick Dimiduk commented on HBASE-1299: - Fails 0.94 because these files moved on trunk. `git checkout 0.94 cd src/main/resources/hbase-webapps/master patch` 1299.patch may work. JSPs don't HTML escape literals (ie: table names, region names, start end keys) - Key: HBASE-1299 URL: https://issues.apache.org/jira/browse/HBASE-1299 Project: HBase Issue Type: Bug Affects Versions: 0.19.0, 0.19.1 Reporter: Hoss Man Assignee: Nick Dimiduk Fix For: 0.96.0 Attachments: 1299.patch similar to HBASE-1298, the various JSPs included with HBase for monitoring the system don't seem to do any HTML escaping when displaying user entered data which may contain special characters: table names, region names, start Keys, or end Keys -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start end keys)
[ https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13509025#comment-13509025 ] Hudson commented on HBASE-1299: --- Integrated in HBase-TRUNK #3587 (See [https://builds.apache.org/job/HBase-TRUNK/3587/]) HBASE-1299 JSPs don't HTML escape literals (ie: table names, region names, start end keys) (Revision 1416645) Result = FAILURE stack : Files : * /hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/table.jsp * /hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/tablesDetailed.jsp JSPs don't HTML escape literals (ie: table names, region names, start end keys) - Key: HBASE-1299 URL: https://issues.apache.org/jira/browse/HBASE-1299 Project: HBase Issue Type: Bug Affects Versions: 0.19.0, 0.19.1 Reporter: Hoss Man Assignee: Nick Dimiduk Fix For: 0.96.0 Attachments: 1299.patch similar to HBASE-1298, the various JSPs included with HBase for monitoring the system don't seem to do any HTML escaping when displaying user entered data which may contain special characters: table names, region names, start Keys, or end Keys -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start end keys)
[ https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13509353#comment-13509353 ] Hudson commented on HBASE-1299: --- Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #284 (See [https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/284/]) HBASE-1299 JSPs don't HTML escape literals (ie: table names, region names, start end keys) (Revision 1416645) Result = FAILURE stack : Files : * /hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/table.jsp * /hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/tablesDetailed.jsp JSPs don't HTML escape literals (ie: table names, region names, start end keys) - Key: HBASE-1299 URL: https://issues.apache.org/jira/browse/HBASE-1299 Project: HBase Issue Type: Bug Affects Versions: 0.19.0, 0.19.1 Reporter: Hoss Man Assignee: Nick Dimiduk Fix For: 0.96.0 Attachments: 1299.patch similar to HBASE-1298, the various JSPs included with HBase for monitoring the system don't seem to do any HTML escaping when displaying user entered data which may contain special characters: table names, region names, start Keys, or end Keys -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start end keys)
[
https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13507799#comment-13507799
]
Nick Dimiduk commented on HBASE-1299:
-
steps to repro:
create 't1', {NAME = 'f1'}
put 't1', scriptalert('hello world');/script, 'f1:foo', 0
split 't1', scriptalert('hello world');/script
open http://localhost:60010/table.jsp?name=t1
alerts will pop.
JSPs don't HTML escape literals (ie: table names, region names, start end
keys)
-
Key: HBASE-1299
URL: https://issues.apache.org/jira/browse/HBASE-1299
Project: HBase
Issue Type: Bug
Affects Versions: 0.19.0, 0.19.1
Reporter: Hoss Man
Attachments: 1299.patch
similar to HBASE-1298, the various JSPs included with HBase for monitoring
the system don't seem to do any HTML escaping when displaying user entered
data which may contain special characters: table names, region names, start
Keys, or end Keys
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (HBASE-1299) JSPs don't HTML escape literals (ie: table names, region names, start end keys)
[ https://issues.apache.org/jira/browse/HBASE-1299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12918267#action_12918267 ] ryan rawson commented on HBASE-1299: with the binary escaping this issue is much abated, since by default we only get 0-9A-Za-z and a few others (eg: -_ etc). JSPs don't HTML escape literals (ie: table names, region names, start end keys) - Key: HBASE-1299 URL: https://issues.apache.org/jira/browse/HBASE-1299 Project: HBase Issue Type: Bug Affects Versions: 0.19.0, 0.19.1 Reporter: Hoss Man Fix For: 0.90.0 similar to HBASE-1298, the various JSPs included with HBase for monitoring the system don't seem to do any HTML escaping when displaying user entered data which may contain special characters: table names, region names, start Keys, or end Keys -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
