From 251f3683d21a94baa19c16e9b918b4789ffeca6b Mon Sep 17 00:00:00 2001 From: Sean Busbey Date: Thu, 9 Feb 2017 18:29:32 -0800 Subject: [PATCH] HBASE-17558 ZK dumping jsp should escape HTML. --- hbase-server/src/main/resources/hbase-webapps/master/zk.jsp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp b/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp index 687c950..6cd6c92 100644 --- a/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp +++ b/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp @@ -18,6 +18,7 @@ */ --%> <%@ page contentType="text/html;charset=UTF-8" + import="org.apache.commons.lang.StringEscapeUtils" import="org.apache.hadoop.hbase.zookeeper.ZKUtil" import="org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher" import="org.apache.hadoop.hbase.HBaseConfiguration" @@ -80,7 +81,7 @@
-
<%= ZKUtil.dump(watcher).trim() %>
+
<%= StringEscapeUtils.escapeHtml(ZKUtil.dump(watcher).trim()) %>
-- 2.7.2