This is an automated email from the ASF dual-hosted git repository.
asnaik pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new 76108a9 AMBARI-25387 Ambari-Web UI hosts Tab is vulnerable to XSS
attack (asnaik) (#3091)
76108a9 is described below
commit 76108a9a2347132a759a3bef273b9e674309b321
Author: Asnaik HWX <asn...@hortonworks.com>
AuthorDate: Tue Oct 1 17:23:46 2019 +0530
AMBARI-25387 Ambari-Web UI hosts Tab is vulnerable to XSS attack (asnaik)
(#3091)
---
ambari-web/app/views/common/helpers/format_word_break_view.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ambari-web/app/views/common/helpers/format_word_break_view.js
b/ambari-web/app/views/common/helpers/format_word_break_view.js
index 8601cdc..69ccf9e 100644
--- a/ambari-web/app/views/common/helpers/format_word_break_view.js
+++ b/ambari-web/app/views/common/helpers/format_word_break_view.js
@@ -38,7 +38,7 @@ App.FormatWordBreakView = Em.View.extend({
* @type {string}
*/
result: function() {
- var content = this.get('content') || '';
+ var content = Ember.Handlebars.Utils.escapeExpression(this.get('content'))
|| '';
var self = this;
['.', '_', '/'].forEach(function (delimiter) {
if (content.contains(delimiter)) {
