You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ak...@apache.org on 2018/09/13 13:16:15 UTC
[ambari] branch trunk updated (ffeaf06 -> e3c3e34)
This is an automated email from the ASF dual-hosted git repository.
akovalenko pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git.
from ffeaf06 AMBARI-24621. Badge with count of empty or invalid properties are missed ar the services panel during cluster installation (akovalenko)
new 8c9b50c AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)
new e3c3e34 AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
ambari-web/app/messages.js | 4 ++--
ambari-web/app/templates/common/host_progress_popup.hbs | 2 +-
ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs | 2 +-
ambari-web/app/templates/main/alerts/definition_details.hbs | 2 +-
ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs | 6 +++---
ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs | 4 ++--
ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs | 4 ++--
ambari-web/app/templates/main/host/logs.hbs | 2 +-
ambari-web/app/templates/main/service/info/summary.hbs | 4 ++--
9 files changed, 15 insertions(+), 15 deletions(-)
[ambari] 01/02: AMBARI-24628. Fix possible "Phishing by Navigating
Browser Tabs" vulnerability (akovalenko)
Posted by ak...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
akovalenko pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
commit 8c9b50cdd4e091312277067bf4c142deb23c8f16
Author: Aleksandr Kovalenko <ak...@apache.org>
AuthorDate: Thu Sep 13 13:10:18 2018 +0300
AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)
---
ambari-web/app/messages.js | 4 ++--
ambari-web/app/templates/common/host_progress_popup.hbs | 2 +-
ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs | 2 +-
ambari-web/app/templates/main/alerts/definition_details.hbs | 2 +-
ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs | 6 +++---
ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs | 4 ++--
ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs | 4 ++--
ambari-web/app/templates/main/host/logs.hbs | 2 +-
ambari-web/app/templates/main/service/info/summary.hbs | 4 ++--
9 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/ambari-web/app/messages.js b/ambari-web/app/messages.js
index c58ea6a..4b8deb5 100644
--- a/ambari-web/app/messages.js
+++ b/ambari-web/app/messages.js
@@ -29,7 +29,7 @@ Em.I18n.translations = {
'app.redirectIssuePopup.header': 'Login Redirect Issue',
'app.redirectIssuePopup.body': 'For single sign-on, make sure that Knox Gateway and Ambari Server are located on the same host or subdomain.' +
'<br/>Alternatively login as an Ambari local user using the local login page.<br />' +
- '<a href="{0}" target="_blank">{0}</a>',
+ '<a rel="noopener noreferrer" href="{0}" target="_blank">{0}</a>',
'app.loadingPlaceholder': 'Loading...',
'app.versionMismatchAlert.title': 'Ambari Server / Web Client Version Mismatch',
@@ -2353,7 +2353,7 @@ Em.I18n.translations = {
'services.service.config.configHistory.makeCurrent.message': 'Created from service config version {0}',
'services.service.config.configHistory.comparing': 'Comparing Changes in',
'services.service.config.setRecommendedValue': 'Set Recommended',
- 'services.service.config.database.msg.jdbcSetup.detailed': 'To use {0} with {6}, you must <a href="{3}" target="_blank">' +
+ 'services.service.config.database.msg.jdbcSetup.detailed': 'To use {0} with {6}, you must <a rel="noopener noreferrer" href="{3}" target="_blank">' +
'download the {4} from {0}</a>. Once downloaded to the Ambari Server host, run: <br/>' +
'<b>ambari-server setup --jdbc-db={1} --jdbc-driver=/path/to/{1}/{2}</b>',
diff --git a/ambari-web/app/templates/common/host_progress_popup.hbs b/ambari-web/app/templates/common/host_progress_popup.hbs
index ec36333..a7e3b98 100644
--- a/ambari-web/app/templates/common/host_progress_popup.hbs
+++ b/ambari-web/app/templates/common/host_progress_popup.hbs
@@ -343,7 +343,7 @@
<strong class="muted">{{hostLog.fileName}}</strong>
{{#view App.LogSearchUILinkView linkQueryParamsBinding="hostLog.linkTail" tagName="span"}}
<a {{bindAttr href="view.formatedLink" class=":pull-right view.isLodaded::disabled"}}
- target="_blank">
+ target="_blank" rel="noopener noreferrer">
<i class="icon-external-link"></i>
{{t popup.logTail.openInLogSearch}}</a>
{{/view}}
diff --git a/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs b/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs
index 1b0a6d0..2f42c6e 100644
--- a/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs
+++ b/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs
@@ -29,7 +29,7 @@
<i class="icon-external-link"></i>
{{t common.open}}
</a>
- <a class="open-in-log-search" {{bindAttr href="view.logSearchUrl"}} target="_blank">
+ <a class="open-in-log-search" {{bindAttr href="view.logSearchUrl"}} target="_blank" rel="noopener noreferrer">
<i class="icon-external-link"></i>
{{t popup.logTail.openInLogSearch}}
</a>
diff --git a/ambari-web/app/templates/main/alerts/definition_details.hbs b/ambari-web/app/templates/main/alerts/definition_details.hbs
index 7423cb0..e721db7 100644
--- a/ambari-web/app/templates/main/alerts/definition_details.hbs
+++ b/ambari-web/app/templates/main/alerts/definition_details.hbs
@@ -193,7 +193,7 @@
{{#if controller.content.hasHelpUrl}}
<div class="row">
<div class="col-md-5 property-name">{{t alerts.table.header.helpUrl}}:</div>
- <div class="col-md-7"><label for=""><a {{bindAttr href="controller.content.helpUrl"}} target="_blank">{{t common.link}}</a></label></div>
+ <div class="col-md-7"><label for=""><a {{bindAttr href="controller.content.helpUrl"}} target="_blank" rel="noopener noreferrer">{{t common.link}}</a></label></div>
</div>
{{/if}}
</div>
diff --git a/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs
index fe7cad4..8fb2b89 100644
--- a/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs
+++ b/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs
@@ -54,7 +54,7 @@
<td>
{{#if view.activeMaster}}
<a {{bindAttr href="view.hbaseMasterWebUrl"}}
- target="_blank">{{t dashboard.services.hbase.masterWebUI}}</a>
+ target="_blank" rel="noopener noreferrer">{{t dashboard.services.hbase.masterWebUI}}</a>
{{else}}
{{t services.service.summary.notAvailable}}
{{/if}}
@@ -81,7 +81,7 @@
<a href="javascript:void(null)">{{quickLinks.publicHostNameLabel}} </a>
<ul class="dropdown-menu">
{{#each quickLinks}}
- <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+ <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
{{/each}}
</ul>
</li>
@@ -89,7 +89,7 @@
{{/each}}
{{else}}
{{#each view.quickLinks}}
- <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+ <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
{{/each}}
{{/if}}
{{else}}
diff --git a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
index 4b0669b..7e482b0 100644
--- a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
+++ b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
@@ -101,7 +101,7 @@
<a href="javascript:void(null)">{{quickLinks.publicHostNameLabel}} </a>
<ul class="dropdown-menu">
{{#each quickLinks}}
- <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+ <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
{{/each}}
</ul>
</li>
@@ -109,7 +109,7 @@
{{/each}}
{{else}}
{{#each view.quickLinks}}
- <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+ <li><a {{bindAttr href="url"}} target="_blank rel="noopener noreferrer"">{{label}}</a></li>
{{/each}}
{{/if}}
{{else}}
diff --git a/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs
index 68bb54b..0ac48a7 100644
--- a/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs
+++ b/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs
@@ -66,7 +66,7 @@
<a href="javascript:void(null)">{{quickLinks.publicHostNameLabel}} </a>
<ul class="dropdown-menu">
{{#each quickLinks}}
- <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+ <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
{{/each}}
</ul>
</li>
@@ -74,7 +74,7 @@
{{/each}}
{{else}}
{{#each view.quickLinks}}
- <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+ <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
{{/each}}
{{/if}}
{{else}}
diff --git a/ambari-web/app/templates/main/host/logs.hbs b/ambari-web/app/templates/main/host/logs.hbs
index 6d4066b..3ec1f35 100644
--- a/ambari-web/app/templates/main/host/logs.hbs
+++ b/ambari-web/app/templates/main/host/logs.hbs
@@ -43,7 +43,7 @@
<div>
<a {{action openLogFile row file.filePath target="view.parentView"}} href="#" rel="log-file-name-tooltip" {{bindAttr data-original-title="file.filePath"}}>{{file.fileName}}</a>
{{#view App.LogSearchUILinkView linkQueryParamsBinding="file.linkTail" tagName="span"}}
- <a {{bindAttr href="view.formatedLink"}} target="_blank" rel="log-file-name-tooltip" {{translateAttr title="popup.logTail.openInLogSearch"}} class="pull-right external-link">
+ <a {{bindAttr href="view.formatedLink"}} target="_blank" rel="log-file-name-tooltip noopener noreferrer" {{translateAttr title="popup.logTail.openInLogSearch"}} class="pull-right external-link">
<i class="icon-external-link"></i>
{{t popup.logTail.openInLogSearch}}
</a>
diff --git a/ambari-web/app/templates/main/service/info/summary.hbs b/ambari-web/app/templates/main/service/info/summary.hbs
index 9dead92..82f5e55 100644
--- a/ambari-web/app/templates/main/service/info/summary.hbs
+++ b/ambari-web/app/templates/main/service/info/summary.hbs
@@ -100,7 +100,7 @@
{{#each quickLinks in group.links}}
<h6>{{quickLinks.publicHostNameLabel}}</h6>
{{#each quickLinks}}
- <a {{bindAttr href="url"}} target="_blank">{{label}}</a>
+ <a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a>
{{/each}}
{{/each}}
</div>
@@ -108,7 +108,7 @@
{{else}}
{{#if view.quickLinks}}
{{#each view.quickLinks}}
- <a {{bindAttr href="url"}} target="_blank">{{label}}</a>
+ <a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a>
{{/each}}
{{else}}
<div class="alert alert-danger">
[ambari] 02/02: AMBARI-24628. Fix possible "Phishing by Navigating
Browser Tabs" vulnerability (akovalenko)
Posted by ak...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
akovalenko pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
commit e3c3e34b317009d39a1e795c1c5c01767e69bbfb
Author: Aleksandr Kovalenko <ak...@apache.org>
AuthorDate: Thu Sep 13 13:36:02 2018 +0300
AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)
---
ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
index 7e482b0..0b4a673 100644
--- a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
+++ b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
@@ -109,7 +109,7 @@
{{/each}}
{{else}}
{{#each view.quickLinks}}
- <li><a {{bindAttr href="url"}} target="_blank rel="noopener noreferrer"">{{label}}</a></li>
+ <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
{{/each}}
{{/if}}
{{else}}