You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by st...@apache.org on 2012/12/03 20:38:58 UTC

svn commit: r1416645 - in /hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master: table.jsp tablesDetailed.jsp

Author: stack
Date: Mon Dec  3 19:38:57 2012
New Revision: 1416645

URL: http://svn.apache.org/viewvc?rev=1416645&view=rev
Log:
HBASE-1299 JSPs don't HTML escape literals (ie: table names, region names, start & end keys)

Modified:
    hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/table.jsp
    hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/tablesDetailed.jsp

Modified: hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/table.jsp
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/table.jsp?rev=1416645&r1=1416644&r2=1416645&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/table.jsp (original)
+++ hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/table.jsp Mon Dec  3 19:38:57 2012
@@ -18,11 +18,15 @@
  */
 --%>
 <%@ page contentType="text/html;charset=UTF-8"
+  import="static org.apache.commons.lang.StringEscapeUtils.escapeXml"
   import="java.util.HashMap"
+  import="java.util.List"
+  import="java.util.Map"
   import="org.apache.hadoop.conf.Configuration"
   import="org.apache.hadoop.hbase.client.HTable"
   import="org.apache.hadoop.hbase.client.HBaseAdmin"
   import="org.apache.hadoop.hbase.client.HConnectionManager"
+  import="org.apache.hadoop.hbase.HConstants"
   import="org.apache.hadoop.hbase.HRegionInfo"
   import="org.apache.hadoop.hbase.ServerName"
   import="org.apache.hadoop.hbase.ServerLoad"
@@ -30,10 +34,7 @@
   import="org.apache.hadoop.hbase.master.HMaster" 
   import="org.apache.hadoop.hbase.util.Bytes"
   import="org.apache.hadoop.hbase.util.FSUtils"
-  import="org.apache.hadoop.hbase.protobuf.ProtobufUtil"
-  import="java.util.List"
-  import="java.util.Map"
-  import="org.apache.hadoop.hbase.HConstants"%><%
+  import="org.apache.hadoop.hbase.protobuf.ProtobufUtil"%><%
   HMaster master = (HMaster)getServletContext().getAttribute(HMaster.MASTER);
   Configuration conf = master.getConfiguration();
   HBaseAdmin hbadmin = new HBaseAdmin(conf);
@@ -217,11 +218,11 @@
     String url = "http://" + metaLocation.getHostname() + ":" + infoPort + "/";
 %>
 <tr>
-  <td><%= meta.getRegionNameAsString() %></td>
+  <td><%= escapeXml(meta.getRegionNameAsString()) %></td>
     <td><a href="<%= url %>"><%= metaLocation.getHostname().toString() + ":" + infoPort %></a></td>
     <td>-</td>
-    <td><%= Bytes.toString(meta.getStartKey()) %></td>
-    <td><%= Bytes.toString(meta.getEndKey()) %></td>
+    <td><%= escapeXml(Bytes.toString(meta.getStartKey())) %></td>
+    <td><%= escapeXml(Bytes.toString(meta.getEndKey())) %></td>
 </tr>
 <%  } %>
 </table>
@@ -281,7 +282,7 @@
     }
 %>
 <tr>
-  <td><%= Bytes.toStringBinary(regionInfo.getRegionName())%></td>
+  <td><%= escapeXml(Bytes.toStringBinary(regionInfo.getRegionName())) %></td>
   <%
   if (urlRegionServer != null) {
   %>
@@ -295,8 +296,8 @@
   <%
   }
   %>
-  <td><%= Bytes.toStringBinary(regionInfo.getStartKey())%></td>
-  <td><%= Bytes.toStringBinary(regionInfo.getEndKey())%></td>
+  <td><%= escapeXml(Bytes.toStringBinary(regionInfo.getStartKey())) %></td>
+  <td><%= escapeXml(Bytes.toStringBinary(regionInfo.getEndKey())) %></td>
   <td><%= req%></td>
 </tr>
 <% } %>

Modified: hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/tablesDetailed.jsp
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/tablesDetailed.jsp?rev=1416645&r1=1416644&r2=1416645&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/tablesDetailed.jsp (original)
+++ hbase/trunk/hbase-server/src/main/resources/hbase-webapps/master/tablesDetailed.jsp Mon Dec  3 19:38:57 2012
@@ -18,6 +18,7 @@
  */
 --%>
 <%@ page contentType="text/html;charset=UTF-8"
+  import="static org.apache.commons.lang.StringEscapeUtils.escapeXml"
   import="java.util.*"
   import="org.apache.hadoop.util.StringUtils"
   import="org.apache.hadoop.conf.Configuration"
@@ -89,8 +90,8 @@
 </tr>
 <%   for(HTableDescriptor htDesc : tables ) { %>
 <tr>
-    <td><%= htDesc.getNameAsString() %></td>
-    <td><%= htDesc.toString() %></td>
+    <td><%= escapeXml(htDesc.getNameAsString()) %></td>
+    <td><%= escapeXml(htDesc.toString()) %></td>
 </tr>
 <%   }  %>