XSS vulnerability in schema.jsp (patch included)
------------------------------------------------
Key: SOLR-1031
URL: https://issues.apache.org/jira/browse/SOLR-1031
Project: Solr
Issue Type: Bug
Components: web gui
Affects Versions: 1.3, 1.2
Reporter: Paul Lovvik
If JavaScript is embedded in any of the fields, it is possible for that
JavaScript to be executed when viewing the schema.
The JavaScript will appear in the "Top Terms" part of the UI.
I have created a simple patch to prevent this problem from occurring.
Hmmm... I apparently can't attach the patch, so here is the patch text:
Index: src/webapp/web/admin/schema.jsp
===================================================================
--- src/webapp/web/admin/schema.jsp (revision 746406)
+++ src/webapp/web/admin/schema.jsp (working copy)
@@ -490,14 +490,10 @@
var numTerms = 0;
$.each(topTerms, function(term, count) {
- var row = document.createElement('tr');
- var c1 = document.createElement('td');
- c1.innerHTML=term;
- var c2 = document.createElement('td');
- c2.innerHTML=count;
- row.appendChild(c1);
- row.appendChild(c2);
- tbody.appendChild(row);
+ var c1 = $('<td>').text(term);
+ var c2 = $('<td>').text(count);
+ var row = $('<tr>').append(c1).append(c2);
+ tbody.appendChild(row.get(0));
numTerms++;
});
tbl.appendChild(tbody);
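Review bot: The switch to `$('<td>').text(term)` is the right fix, because jQuery's `.text()` assigns the cell's text content instead of having the browser parse `term` as markup, so a term value containing a `<script>` tag is rendered literally rather than executed; the only style point is the last added line, `tbody.appendChild(row.get(0));`, which unwraps the jQuery object to feed a raw DOM call where `$(tbody).append(row);` would keep the new block consistently in jQuery. Separately, the header `@@ -490,14 +490,10 @@` counts one more line on each side than the hunk shows and the original indentation has been stripped, so a trailing context line appears to have been lost when the patch was pasted into the issue text; it should be regenerated and attached as a file (or applied with `patch -l` once the missing context is restored) rather than applied from this copy.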