This is an automated email from the ASF dual-hosted git repository. alexantonenko pushed a commit to branch branch-2.7 in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new 3233d00 AMBARI-25439. XSS vulnerability for repo check hint
new 706128d Merge pull request #3147 from hiveww/AMBARI-25439-branch-2.7
3233d00 is described below
commit 3233d009445d524b93255a6a35de186416fb0ba6
Author: Alex Antonenko <aantone...@hortonworks.com>
AuthorDate: Tue Dec 3 13:28:27 2019 +0200
AMBARI-25439. XSS vulnerability for repo check hint
---
 ambari-web/app/controllers/installer.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ambari-web/app/controllers/installer.js b/ambari-web/app/controllers/installer.js
index fb47288..c3d7d3f 100644
--- a/ambari-web/app/controllers/installer.js
+++ b/ambari-web/app/controllers/installer.js
@@ -921,10 +921,12 @@ App.InstallerController = App.WizardController.extend(App.Persist, {
 var os = selectedStack.get('operatingSystems').findProperty('id', params.osId);
 var repo = os.get('repositories').findProperty('repoId', params.repoId);
 if (repo) {
+ var title = Ember.Handlebars.Utils.escapeExpression(request.status + ":" + request.statusText);
+ var content = Ember.Handlebars.Utils.escapeExpression($.parseJSON(request.responseText) ? $.parseJSON(request.responseText).message : "");
 repo.setProperties({
 validation: 'INVALID',
- errorTitle: request.status + ":" + request.statusText,
- errorContent: $.parseJSON(request.responseText) ? $.parseJSON(request.responseText).message : ""
+ errorTitle: title,
+ errorContent: content
 });
 }
 }
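Review bot: The new `var content = …` line still calls `$.parseJSON(request.responseText)` twice on the server-controlled response body, and `$.parseJSON` throws on a body that is not valid JSON (for example an HTML error page from a proxy). In that case `repo.setProperties` is never reached and the repo is not marked `INVALID`. Parsing once inside a try/catch and escaping the resulting message keeps the error path working for any response body. Because the escaped strings are stored on the repo model, a short comment saying that `errorTitle` and `errorContent` hold HTML-escaped text would keep later code from double-escaping them or from writing raw text to the same properties. The code that renders the hint is not in this hunk, and the enclosing callback starts outside it.

```javascript
if (repo) {
  var title = Ember.Handlebars.Utils.escapeExpression(request.status + ":" + request.statusText);
  // errorTitle/errorContent are stored HTML-escaped; the response body is untrusted input.
  var message = "";
  try {
    var body = $.parseJSON(request.responseText);
    message = body && body.message ? body.message : "";
  } catch (e) {
    // Non-JSON error body: keep an empty message so the repo is still marked INVALID.
  }
  var content = Ember.Handlebars.Utils.escapeExpression(message);
  // … unchanged: repo.setProperties({ validation, errorTitle, errorContent }) …
```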