Posted to commits@ambari.apache.org by ak...@apache.org on 2018/09/13 13:18:29 UTC

[ambari] branch branch-2.7 updated (a5736fa -> f8c700f)

This is an automated email from the ASF dual-hosted git repository.

akovalenko pushed a change to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git.


    from a5736fa  AMBARI-24623. hdfsResource fails to using nameservices for filesystems which does not support that (aonishuk)
     new c0108ad  AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)
     new f8c700f  AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 ambari-web/app/messages.js                                      | 4 ++--
 ambari-web/app/templates/common/host_progress_popup.hbs         | 2 +-
 ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs | 2 +-
 ambari-web/app/templates/main/alerts/definition_details.hbs     | 2 +-
 ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs | 6 +++---
 ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs  | 4 ++--
 ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs  | 4 ++--
 ambari-web/app/templates/main/host/logs.hbs                     | 2 +-
 ambari-web/app/templates/main/service/info/summary.hbs          | 4 ++--
 9 files changed, 15 insertions(+), 15 deletions(-)


[ambari] 01/02: AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)

Posted by ak...@apache.org.

akovalenko pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git

commit c0108addcb41f4d185293d347003e62ee8f687ce
Author: Aleksandr Kovalenko <ak...@apache.org>
AuthorDate: Thu Sep 13 13:12:37 2018 +0300

    AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)
---
 ambari-web/app/messages.js                                      | 4 ++--
 ambari-web/app/templates/common/host_progress_popup.hbs         | 2 +-
 ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs | 2 +-
 ambari-web/app/templates/main/alerts/definition_details.hbs     | 2 +-
 ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs | 6 +++---
 ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs  | 4 ++--
 ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs  | 4 ++--
 ambari-web/app/templates/main/host/logs.hbs                     | 2 +-
 ambari-web/app/templates/main/service/info/summary.hbs          | 4 ++--
 9 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/ambari-web/app/messages.js b/ambari-web/app/messages.js
index 6883dc5..81f62e9 100644
--- a/ambari-web/app/messages.js
+++ b/ambari-web/app/messages.js
@@ -29,7 +29,7 @@ Em.I18n.translations = {
   'app.redirectIssuePopup.header': 'Login Redirect Issue',
   'app.redirectIssuePopup.body': 'For single sign-on, make sure that Knox Gateway and Ambari Server are located on the same host or subdomain.' +
     '<br/>Alternatively login as an Ambari local user using the local login page.<br />' +
-    '<a href="{0}" target="_blank">{0}</a>',
+    '<a rel="noopener noreferrer" href="{0}" target="_blank">{0}</a>',
 
   'app.loadingPlaceholder': 'Loading...',
   'app.versionMismatchAlert.title': 'Ambari Server / Web Client Version Mismatch',
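Review bot: In 'app.redirectIssuePopup.body' the same {0} value is substituted into both the href and the link text of a raw HTML string, and nothing in this hunk shows it being HTML-escaped or restricted to http/https before formatting. rel="noopener noreferrer" only stops the opened page from reaching window.opener, so confirm the caller validates and escapes {0}. Minor style point: rel is placed before href here, while the .hbs templates in this commit append it after target; pick one order.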
@@ -2349,7 +2349,7 @@ Em.I18n.translations = {
   'services.service.config.configHistory.makeCurrent.message': 'Created from service config version {0}',
   'services.service.config.configHistory.comparing': 'Comparing Changes in',
   'services.service.config.setRecommendedValue': 'Set Recommended',
-  'services.service.config.database.msg.jdbcSetup.detailed': 'To use {0} with {6}, you must <a href="{3}" target="_blank">' +
+  'services.service.config.database.msg.jdbcSetup.detailed': 'To use {0} with {6}, you must <a rel="noopener noreferrer" href="{3}" target="_blank">' +
     'download the {4} from {0}</a>. Once downloaded to the Ambari Server host, run: <br/>' +
     '<b>ambari-server setup --jdbc-db={1} --jdbc-driver=/path/to/{1}/{2}</b>',
 
diff --git a/ambari-web/app/templates/common/host_progress_popup.hbs b/ambari-web/app/templates/common/host_progress_popup.hbs
index ec36333..a7e3b98 100644
--- a/ambari-web/app/templates/common/host_progress_popup.hbs
+++ b/ambari-web/app/templates/common/host_progress_popup.hbs
@@ -343,7 +343,7 @@
                     <strong class="muted">{{hostLog.fileName}}</strong>
                     {{#view App.LogSearchUILinkView linkQueryParamsBinding="hostLog.linkTail" tagName="span"}}
                       <a {{bindAttr href="view.formatedLink" class=":pull-right view.isLodaded::disabled"}}
-                              target="_blank">
+                              target="_blank" rel="noopener noreferrer">
                         <i class="icon-external-link"></i>
                         {{t popup.logTail.openInLogSearch}}</a>
                     {{/view}}
diff --git a/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs b/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs
index 1b0a6d0..2f42c6e 100644
--- a/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs
+++ b/ambari-web/app/templates/common/modal_popups/log_tail_popup.hbs
@@ -29,7 +29,7 @@
         <i class="icon-external-link"></i>
         {{t common.open}}
       </a>
-      <a class="open-in-log-search" {{bindAttr href="view.logSearchUrl"}} target="_blank">
+      <a class="open-in-log-search" {{bindAttr href="view.logSearchUrl"}} target="_blank" rel="noopener noreferrer">
         <i class="icon-external-link"></i>
         {{t popup.logTail.openInLogSearch}}
       </a>
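Review bot: Only the open-in-log-search anchor is patched; the anchor that closes just above it (icon-external-link, {{t common.open}}) has its opening tag outside this hunk. If that tag also sets target="_blank", it needs the same rel="noopener noreferrer", otherwise this popup keeps one unprotected new-tab link.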
diff --git a/ambari-web/app/templates/main/alerts/definition_details.hbs b/ambari-web/app/templates/main/alerts/definition_details.hbs
index 7423cb0..e721db7 100644
--- a/ambari-web/app/templates/main/alerts/definition_details.hbs
+++ b/ambari-web/app/templates/main/alerts/definition_details.hbs
@@ -193,7 +193,7 @@
           {{#if controller.content.hasHelpUrl}}
             <div class="row">
               <div class="col-md-5 property-name">{{t alerts.table.header.helpUrl}}:</div>
-              <div class="col-md-7"><label for=""><a {{bindAttr href="controller.content.helpUrl"}} target="_blank">{{t common.link}}</a></label></div>
+              <div class="col-md-7"><label for=""><a {{bindAttr href="controller.content.helpUrl"}} target="_blank" rel="noopener noreferrer">{{t common.link}}</a></label></div>
             </div>
           {{/if}}
         </div>
diff --git a/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs
index fe7cad4..8fb2b89 100644
--- a/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs
+++ b/ambari-web/app/templates/main/dashboard/widgets/hbase_links.hbs
@@ -54,7 +54,7 @@
               <td>
                 {{#if view.activeMaster}}
                   <a {{bindAttr href="view.hbaseMasterWebUrl"}}
-                          target="_blank">{{t dashboard.services.hbase.masterWebUI}}</a>
+                          target="_blank" rel="noopener noreferrer">{{t dashboard.services.hbase.masterWebUI}}</a>
                 {{else}}
                   {{t services.service.summary.notAvailable}}
                 {{/if}}
@@ -81,7 +81,7 @@
                             <a href="javascript:void(null)">{{quickLinks.publicHostNameLabel}} &nbsp;</a>
                             <ul class="dropdown-menu">
                               {{#each quickLinks}}
-                                <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+                                <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
                               {{/each}}
                             </ul>
                           </li>
@@ -89,7 +89,7 @@
                       {{/each}}
                     {{else}}
                       {{#each view.quickLinks}}
-                        <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+                        <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
                       {{/each}}
                     {{/if}}
                   {{else}}
diff --git a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
index 4b0669b..7e482b0 100644
--- a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
+++ b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
@@ -101,7 +101,7 @@
                           <a href="javascript:void(null)">{{quickLinks.publicHostNameLabel}} &nbsp;</a>
                           <ul class="dropdown-menu">
                             {{#each quickLinks}}
-                              <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+                              <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
                             {{/each}}
                           </ul>
                         </li>
@@ -109,7 +109,7 @@
                     {{/each}}
                   {{else}}
                     {{#each view.quickLinks}}
-                      <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+                      <li><a {{bindAttr href="url"}} target="_blank rel="noopener noreferrer"">{{label}}</a></li>
                     {{/each}}
                   {{/if}}
                 {{else}}
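Review bot: The added line in the {{#each view.quickLinks}} branch has the closing quote of target in the wrong place: target="_blank rel="noopener noreferrer"". As written, the target value is no longer _blank and no rel attribute is parsed, so this link does not get the protection the commit is for. It should read target="_blank" rel="noopener noreferrer", as in the first hunk of this file (commit 02/02 in this push makes that correction).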
diff --git a/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs
index 68bb54b..0ac48a7 100644
--- a/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs
+++ b/ambari-web/app/templates/main/dashboard/widgets/yarn_links.hbs
@@ -66,7 +66,7 @@
                             <a href="javascript:void(null)">{{quickLinks.publicHostNameLabel}} &nbsp;</a>
                             <ul class="dropdown-menu">
                               {{#each quickLinks}}
-                                <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+                                <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
                               {{/each}}
                             </ul>
                           </li>
@@ -74,7 +74,7 @@
                       {{/each}}
                     {{else}}
                       {{#each view.quickLinks}}
-                        <li><a {{bindAttr href="url"}} target="_blank">{{label}}</a></li>
+                        <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
                       {{/each}}
                     {{/if}}
                   {{else}}
diff --git a/ambari-web/app/templates/main/host/logs.hbs b/ambari-web/app/templates/main/host/logs.hbs
index 6d4066b..3ec1f35 100644
--- a/ambari-web/app/templates/main/host/logs.hbs
+++ b/ambari-web/app/templates/main/host/logs.hbs
@@ -43,7 +43,7 @@
               <div>
                 <a {{action openLogFile row file.filePath target="view.parentView"}} href="#" rel="log-file-name-tooltip" {{bindAttr data-original-title="file.filePath"}}>{{file.fileName}}</a>
                 {{#view App.LogSearchUILinkView linkQueryParamsBinding="file.linkTail" tagName="span"}}
-                  <a {{bindAttr href="view.formatedLink"}} target="_blank" rel="log-file-name-tooltip" {{translateAttr title="popup.logTail.openInLogSearch"}} class="pull-right external-link">
+                  <a {{bindAttr href="view.formatedLink"}} target="_blank" rel="log-file-name-tooltip noopener noreferrer" {{translateAttr title="popup.logTail.openInLogSearch"}} class="pull-right external-link">
                     <i class="icon-external-link"></i>
                     {{t popup.logTail.openInLogSearch}}
                   </a>
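Review bot: On the formatedLink anchor, rel now holds three tokens ("log-file-name-tooltip noopener noreferrer"), while the openLogFile anchor two lines up still has rel="log-file-name-tooltip" alone, which suggests rel doubles as a tooltip hook. If the tooltip is initialised with an exact-match selector such as [rel="log-file-name-tooltip"], this link silently loses its tooltip. Use a [rel~="log-file-name-tooltip"] selector, or move the hook to a class or data attribute so rel carries link types only.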
diff --git a/ambari-web/app/templates/main/service/info/summary.hbs b/ambari-web/app/templates/main/service/info/summary.hbs
index c100fca..f9e3131 100644
--- a/ambari-web/app/templates/main/service/info/summary.hbs
+++ b/ambari-web/app/templates/main/service/info/summary.hbs
@@ -98,7 +98,7 @@
                     {{#each quickLinks in group.links}}
                       <h6>{{quickLinks.publicHostNameLabel}}</h6>
                       {{#each quickLinks}}
-                        <a {{bindAttr href="url"}} target="_blank">{{label}}</a>
+                        <a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a>
                       {{/each}}
                     {{/each}}
                   </div>
@@ -106,7 +106,7 @@
               {{else}}
                 {{#if view.quickLinks}}
                   {{#each view.quickLinks}}
-                    <a {{bindAttr href="url"}} target="_blank">{{label}}</a>
+                    <a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a>
                   {{/each}}
                 {{else}}
                   <div class="alert alert-danger">
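Review bot: The quickLinks anchor <a {{bindAttr href="url"}} target="_blank"> is patched by hand in both branches here and again in the hbase, hdfs and yarn widget templates in this commit, which is how the misquoted attribute in hdfs_links.hbs slipped in. Consider a shared partial for quick links, or a template lint rule that rejects target="_blank" without rel="noopener noreferrer", so new links cannot regress.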


[ambari] 02/02: AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)

Posted by ak...@apache.org.

akovalenko pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git

commit f8c700fc9d5a4bffc00ca173a5f61ebea841a4bc
Author: Aleksandr Kovalenko <ak...@apache.org>
AuthorDate: Thu Sep 13 13:34:15 2018 +0300

    AMBARI-24628. Fix possible "Phishing by Navigating Browser Tabs" vulnerability (akovalenko)
---
 ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
index 7e482b0..0b4a673 100644
--- a/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
+++ b/ambari-web/app/templates/main/dashboard/widgets/hdfs_links.hbs
@@ -109,7 +109,7 @@
                     {{/each}}
                   {{else}}
                     {{#each view.quickLinks}}
-                      <li><a {{bindAttr href="url"}} target="_blank rel="noopener noreferrer"">{{label}}</a></li>
+                      <li><a {{bindAttr href="url"}} target="_blank" rel="noopener noreferrer">{{label}}</a></li>
                     {{/each}}
                   {{/if}}
                 {{else}}
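Review bot: The commit message repeats the 01/02 subject verbatim, but the only change is repairing the misplaced quote in target="_blank rel="noopener noreferrer"" on the {{#each view.quickLinks}} line. Say so in the message, or squash this into c0108ad, so anyone backporting the first commit knows this one is required with it.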