[jira] [Updated] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2015-05-02 Thread Tsuyoshi Ozawa (JIRA)

[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tsuyoshi Ozawa updated YARN-1993:
-
Assignee: Kenji Kikushima

 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
Assignee: Kenji Kikushima
 Attachments: YARN-1993.patch


 In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java, method echo(), e.g.:
 {code}
 for (Object s : args) {
   out.print(s);
 }
 {code}
 Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Updated] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2014-05-15 Thread Kenji Kikushima (JIRA)

[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kenji Kikushima updated YARN-1993:
--

Attachment: YARN-1993.patch

For example, how about using StringEscapeUtils like this patch?

 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu
 Attachments: YARN-1993.patch





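As an added example (not the Hadoop code and not the attached patch), the loop from the report sits beside a hardened variant that escapes each argument before printing. The hand-written escaper is an assumption standing in for the StringEscapeUtils call the patch proposes, so the file compiles with no extra dependency:

```java
import java.io.PrintWriter;
import java.io.StringWriter;

// Added example, not org.apache.hadoop.yarn.webapp.view.TextView itself:
// a minimal stand-in for echo() showing the unescaped print from the report
// next to an escaped variant.
public class EchoEscapeDemo {

    // Mirrors the reported behaviour: every argument is written verbatim,
    // so markup inside a user-controlled value reaches the browser as markup.
    static void echoUnescaped(PrintWriter out, Object... args) {
        for (Object s : args) {
            out.print(s);
        }
    }

    // Hardened variant: escape each value for an HTML text or attribute
    // context before writing it. Same intent as StringEscapeUtils.escapeHtml
    // in the thread's patch; fixed markup belongs in the caller, not in args.
    static void echoEscaped(PrintWriter out, Object... args) {
        for (Object s : args) {
            out.print(escapeHtml(String.valueOf(s)));
        }
    }

    // Assumed helper: replaces the five characters that can change HTML
    // structure. Quotes are escaped too, because echo() output may land
    // inside an attribute value, which is the context the report names.
    static String escapeHtml(String in) {
        StringBuilder sb = new StringBuilder(in.length());
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] argv) {
        // Constructed sample value containing every character the escaper handles.
        String tainted = "<b>name</b> & \"quoted\" 'single'";
        StringWriter raw = new StringWriter(), safe = new StringWriter();
        PrintWriter rawOut = new PrintWriter(raw), safeOut = new PrintWriter(safe);
        echoUnescaped(rawOut, tainted); rawOut.flush();   // markup survives intact
        echoEscaped(safeOut, tainted);  safeOut.flush();  // markup becomes inert text
        System.out.println("unescaped: " + raw);
        System.out.println("escaped:   " + safe);
    }
}
```

Running it prints the sample once verbatim and once with `&lt;b&gt;name&lt;/b&gt; &amp; &quot;quoted&quot; &#39;single&#39;`, which is what a browser renders as literal text rather than interpreting.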


[jira] [Updated] (YARN-1993) Cross-site scripting vulnerability in TextView.java

2014-05-11 Thread Ted Yu (JIRA)

[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Yu updated YARN-1993:
-

Component/s: webapp

 Cross-site scripting vulnerability in TextView.java
 ---

 Key: YARN-1993
 URL: https://issues.apache.org/jira/browse/YARN-1993
 Project: Hadoop YARN
  Issue Type: Bug
  Components: webapp
Reporter: Ted Yu



