Posted to commits@ambari.apache.org by wu...@apache.org on 2022/11/14 16:37:44 UTC
[ambari] branch trunk updated: AMBARI-25387: Ambari-Web UI hosts Tab is vulnerable to XSS attack (#3491)
This is an automated email from the ASF dual-hosted git repository.
wuzhiguo pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 09c1c10860 AMBARI-25387: Ambari-Web UI hosts Tab is vulnerable to XSS attack (#3491)
09c1c10860 is described below
commit 09c1c10860c05196efc215e6c4ec498916fae6b3
Author: Zhiguo Wu <wu...@apache.org>
AuthorDate: Tue Nov 15 00:37:38 2022 +0800
AMBARI-25387: Ambari-Web UI hosts Tab is vulnerable to XSS attack (#3491)
---
ambari-web/app/views/common/helpers/format_word_break_view.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ambari-web/app/views/common/helpers/format_word_break_view.js b/ambari-web/app/views/common/helpers/format_word_break_view.js
index 8601cdc831..69ccf9e4c6 100644
--- a/ambari-web/app/views/common/helpers/format_word_break_view.js
+++ b/ambari-web/app/views/common/helpers/format_word_break_view.js
@@ -38,7 +38,7 @@ App.FormatWordBreakView = Em.View.extend({
* @type {string}
*/
result: function() {
- var content = this.get('content') || '';
+ var content = Ember.Handlebars.Utils.escapeExpression(this.get('content')) || '';
var self = this;
['.', '_', '/'].forEach(function (delimiter) {
if (content.contains(delimiter)) {
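Review bot: On the changed `var content = ...` line, the `|| ''` fallback now runs after the escaper instead of before it, so a null or undefined `content` is passed into `Ember.Handlebars.Utils.escapeExpression`, and the `content.contains(delimiter)` call below depends on that helper always returning a string. Moving the default inside the call, as in `escapeExpression(this.get('content') || '')`, keeps the original empty-string guarantee regardless of how the helper treats empty or non-string input. Escaping before the delimiter loop is the right order for the three delimiters listed ('.', '_', '/'), because none of them appears inside an entity such as `&lt;` or `&amp;`; a one-line comment stating this would keep a later addition like '&' or ';' from having the loop operate inside escaped entities. The surrounding code uses the `Em` alias (`Em.View.extend`), so `Em.Handlebars.Utils.escapeExpression` would match the file's style, and the diffstat shows only this one file changed, with no test covering a `content` value that contains markup.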