Details
- Bug
- Status: Resolved
- Critical
- Resolution: Fixed
- 1.5.0
- None
Description
Remove user input from invalid renderer error message to avoid potential XSS attacks.
The user input data returned in the exception thrown at
org/apache/ambari/server/api/resources/BaseResourceDefinition.java:135
throw new IllegalArgumentException("Invalid renderer name: " + name + " for resource of type: " + m_type);
should be removed and the error message changed to:
Invalid renderer name for resource of type <resource type>.
or simply
Invalid renderer name.
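
The change described above, shown as an added before/after example (not Ambari's own code). The class, the method names, the renderer allowlist and the sample values are assumptions made for illustration.

```java
import java.util.Set;

// Added illustration; class, method and renderer names are hypothetical.
public class RendererMessageExample {

    // Assumed allowlist of renderer names for this sketch.
    private static final Set<String> KNOWN_RENDERERS = Set.of("default", "minimal");

    // Before: the caller-supplied name is concatenated into the message, so any
    // markup in it reaches whatever later renders the error text.
    static String lookupBefore(String name, String type) {
        if (!KNOWN_RENDERERS.contains(name)) {
            throw new IllegalArgumentException(
                "Invalid renderer name: " + name + " for resource of type: " + type);
        }
        return name;
    }

    // After: the message is built only from the server-side resource type.
    static String lookupAfter(String name, String type) {
        if (!KNOWN_RENDERERS.contains(name)) {
            throw new IllegalArgumentException(
                "Invalid renderer name for resource of type " + type + ".");
        }
        return name;
    }

    // Runs a lookup and returns the exception message, or null if none was thrown.
    static String messageOf(Runnable lookup) {
        try {
            lookup.run();
            return null;
        } catch (IllegalArgumentException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        String input = "<b>x</b>";  // constructed sample value containing markup
        String type = "Cluster";    // constructed resource type
        String before = messageOf(() -> lookupBefore(input, type));
        String after = messageOf(() -> lookupAfter(input, type));
        System.out.println("before: " + before);
        System.out.println("after:  " + after);
        System.out.println("before echoes input: " + before.contains(input));
        System.out.println("after echoes input:  " + after.contains(input));
    }
}
```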