Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-1299

JSPs don't HTML escape literals (ie: table names, region names, start & end keys)

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.19.0, 0.19.1
    • 0.95.0
    • None
    • None
    • Reviewed
    • noob

    Description

      similar to HBASE-1298, the various JSPs included with HBase for monitoring the system don't seem to do any HTML escaping when displaying user entered data which may contain special characters: table names, region names, start Keys, or end Keys

      Attachments

        1. 1299.patch
          4 kB
          Nick Dimiduk

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. HBASE-5968 Proper html escaping for region names

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-11356 Escape regionName, start/endKey in web page.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              ndimiduk Nick Dimiduk
              hossman Chris M. Hostetter
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: