Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-17558

ZK dumping jsp should escape html

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

      Description

      Right now the ZK status page in the master dumps data from ZK using ZKUtil without doing any processing to e.g. escape HTML entities.

      ie.:

              <div class="container-fluid content">
                  <div class="row inner_header">
                      <div class="page-header">
                          <h1>ZooKeeper Dump</h1>
                      </div>
                  </div>
                  <div class="row">
                      <div class="span12">
                          <pre><%= ZKUtil.dump(watcher).trim() %></pre>
                      </div>
                  </div>
              </div>
      

      current url: https://github.com/apache/hbase/blob/master/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp#L83

        Attachments

        1. HBASE-17558.0.patch
          1 kB
          Sean Busbey

          Activity

            People

            • Assignee:
              busbey Sean Busbey
              Reporter:
              busbey Sean Busbey

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment