Posted to common-commits@hadoop.apache.org by zj...@apache.org on 2015/05/04 22:05:00 UTC
[41/50] [abbrv] hadoop git commit: YARN-1993. Cross-site scripting
vulnerability in TextView.java. Contributed byKenji Kikushima.
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed by Kenji Kikushima.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/4b999c74
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/4b999c74
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/4b999c74
Branch: refs/heads/YARN-2928
Commit: 4b999c74cee3aabb5d4e7aff9f4fb953dcce7eac
Parents: b125d0d
Author: Tsuyoshi Ozawa <oz...@apache.org>
Authored: Sun May 3 10:51:17 2015 +0900
Committer: Zhijie Shen <zj...@apache.org>
Committed: Mon May 4 12:59:00 2015 -0700
----------------------------------------------------------------------
hadoop-yarn-project/CHANGES.txt | 4 ++++
.../main/java/org/apache/hadoop/yarn/webapp/view/TextView.java | 5 ++++-
2 files changed, 8 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/4b999c74/hadoop-yarn-project/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt
index 511ddb7..fde0168 100644
--- a/hadoop-yarn-project/CHANGES.txt
+++ b/hadoop-yarn-project/CHANGES.txt
@@ -357,6 +357,10 @@ Release 2.8.0 - UNRELEASED
YARN-2454. Fix compareTo of variable UNBOUNDED in o.a.h.y.util.resource.Resources.
(Xu Yang via junping_du)
+ YARN-1993. Cross-site scripting vulnerability in TextView.java. (Kenji Kikushima
+ via ozawa)
+
+
Release 2.7.1 - UNRELEASED
INCOMPATIBLE CHANGES
http://git-wip-us.apache.org/repos/asf/hadoop/blob/4b999c74/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
index 16efa4e..4983dac 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java
@@ -20,6 +20,7 @@ package org.apache.hadoop.yarn.webapp.view;
import java.io.PrintWriter;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.yarn.webapp.View;
@@ -45,7 +46,9 @@ public abstract class TextView extends View {
public void echo(Object... args) {
PrintWriter out = writer();
for (Object s : args) {
- out.print(s);
+ String escapedString = StringEscapeUtils.escapeJavaScript(
+ StringEscapeUtils.escapeHtml(s.toString()));
+ out.print(escapedString);
}
}
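Review bot: `s.toString()` in the new loop body throws a NullPointerException when any element of `args` is null, whereas the removed `out.print(s)` printed "null"; use `String.valueOf(s)` so echo keeps its old behaviour for null arguments. Applying both `escapeHtml` and `escapeJavaScript` to every argument also fixes one encoding for all callers regardless of where the text lands: backslash escapes mean nothing to an HTML parser, so text shown in the page body will display stray backslashes, and as far as I know commons-lang 2.x `escapeHtml` leaves the apostrophe unencoded, so a single-quoted attribute context would presumably not be covered. The callers of echo are outside this hunk, so it is worth confirming which output contexts they write into and adding a unit test with null, quote and angle-bracket inputs. A short comment on the method such as `// Escapes for HTML, then for JavaScript string literals; callers must not pass pre-built markup` would record the new contract.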