This is an automated email from the ASF dual-hosted git repository. asnaik pushed a commit to branch branch-2.7 in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push: new 76108a9 AMBARI-25387 Ambari-Web UI hosts Tab is vulnerable to XSS attack (asnaik) (#3091) 76108a9 is described below commit 76108a9a2347132a759a3bef273b9e674309b321 Author: Asnaik HWX <asn...@hortonworks.com> AuthorDate: Tue Oct 1 17:23:46 2019 +0530 AMBARI-25387 Ambari-Web UI hosts Tab is vulnerable to XSS attack (asnaik) (#3091) --- ambari-web/app/views/common/helpers/format_word_break_view.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ambari-web/app/views/common/helpers/format_word_break_view.js b/ambari-web/app/views/common/helpers/format_word_break_view.js index 8601cdc..69ccf9e 100644 --- a/ambari-web/app/views/common/helpers/format_word_break_view.js +++ b/ambari-web/app/views/common/helpers/format_word_break_view.js @@ -38,7 +38,7 @@ App.FormatWordBreakView = Em.View.extend({ * @type {string} */ result: function() { - var content = this.get('content') || ''; + var content = Ember.Handlebars.Utils.escapeExpression(this.get('content')) || ''; var self = this; ['.', '_', '/'].forEach(function (delimiter) { if (content.contains(delimiter)) {