You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ha...@apache.org on 2019/05/27 10:43:52 UTC
[ambari] branch branch-2.6 updated: AMBARI-25287 Persistent Cross
Site Scripting (XSS) in Ambari
This is an automated email from the ASF dual-hosted git repository.
hapylestat pushed a commit to branch branch-2.6
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.6 by this push:
new 0a99046 AMBARI-25287 Persistent Cross Site Scripting (XSS) in Ambari
0a99046 is described below
commit 0a990465fbd76f529e3b85039b7a853005988956
Author: Andrii Tkach <at...@apache.org>
AuthorDate: Mon May 27 11:06:22 2019 +0300
AMBARI-25287 Persistent Cross Site Scripting (XSS) in Ambari
---
ambari-web/app/mappers/configs/service_config_version_mapper.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/ambari-web/app/mappers/configs/service_config_version_mapper.js b/ambari-web/app/mappers/configs/service_config_version_mapper.js
index e95c925..4b8c226 100644
--- a/ambari-web/app/mappers/configs/service_config_version_mapper.js
+++ b/ambari-web/app/mappers/configs/service_config_version_mapper.js
@@ -56,6 +56,7 @@ App.serviceConfigVersionsMapper = App.QuickDataMapper.create({
parsedItem.group_id = parsedItem.group_id === -1 ? parsedItem.service_name + '_default' : parsedItem.group_id;
parsedItem.is_requested = true;
parsedItem.create_time = App.dateTimeWithTimeZone(parsedItem.create_time);
+ parsedItem.notes = _.escape(parsedItem.notes);
itemIds[parsedItem.id] = true;
parsedItem.index = index;
if (serviceToHostMap[item.service_name]) {