[ https://issues.apache.org/jira/browse/FLINK-2789?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Yu updated FLINK-2789:
--------------------------
    Priority: Minor  (was: Major)

> Vulnerability to XSS attack due to printing HTML output
> -------------------------------------------------------
>
>                 Key: FLINK-2789
>                 URL: https://issues.apache.org/jira/browse/FLINK-2789
>             Project: Flink
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Priority: Minor
>
> In flink-clients/src/main/java/org/apache/flink/client/web/PlanDisplayServlet.java:
> {code}
> writer.println(" // register the event handler for the 'run' button and activate zoom Buttons\n"
>     + " activateZoomButtons();"
>     + " $('#run_button').click(function () {\n" + " $('#run_button').remove();\n"
>     + " $.ajax( {" + " url: '/runJob'," + " data: { action: 'runsubmitted', id: '" + uid + "' },"
>     + " success: function () { alert('Job succesfully submitted');"
>     + (this.runtimeVisURL != null ? (" window.location = \"" + this.runtimeVisURL + "\"; },") : " },")
> {code}
> Printing HTML output induces XSS vulnerability

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
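The concern in the report is that `uid` is concatenated straight into a JavaScript string literal inside a `<script>` block, so a value containing a quote or `</script>` changes the page's code rather than its data. The following is an added example, not Flink's code: it rebuilds the `$.ajax` call from the excerpt in plain JavaScript, once with raw concatenation and once with the id encoded for a JS-literal-in-HTML context; the `buildRunScript*` names and the hostile id are assumptions constructed for the demonstration.

```javascript
// Added example (not Flink's code). Models the script the servlet emits so the
// unsafe and hardened renderings can be compared offline.

// Encode a value as a JavaScript string literal that is also safe inside an
// HTML <script> element: JSON.stringify handles quotes, backslashes and control
// characters; the replace turns <, >, &, U+2028 and U+2029 into \uXXXX escapes
// so a value containing "</script>" cannot close the enclosing tag.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Shape from the report: uid is dropped between single quotes unencoded.
function buildRunScriptUnsafe(uid) {
  return "$.ajax({ url: '/runJob', data: { action: 'runsubmitted', id: '" +
    uid + "' } });";
}

// Hardened shape: uid is emitted as an encoded literal (the encoder supplies
// its own double quotes), so it can only ever be read as a string value.
function buildRunScriptSafe(uid) {
  return "$.ajax({ url: '/runJob', data: { action: 'runsubmitted', id: " +
    jsStringLiteral(uid) + " } });";
}

// Constructed hostile id (not from the page): breaks out of the single-quoted
// literal and then out of the <script> element.
const hostileUid = "1'; injected(); //</script>";

// Simple check a reviewer can run over generated output: does the rendered
// script still contain a raw closing script tag?
function containsRawScriptClose(script) {
  return /<\/script/i.test(script);
}
```

In the servlet itself the same encoding would be applied on the Java side before `uid` is appended to the string passed to `writer.println`.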