Posted to commits@hbase.apache.org by ch...@apache.org on 2016/03/03 05:20:28 UTC

hbase git commit: HBASE-15329 Cross-Site Scripting: Reflected in table.jsp (Samir Ahmic)

Repository: hbase
Updated Branches:
  refs/heads/master 5e395c429 -> 4b3e38705


HBASE-15329 Cross-Site Scripting: Reflected in table.jsp (Samir Ahmic)


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/4b3e3870
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/4b3e3870
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/4b3e3870

Branch: refs/heads/master
Commit: 4b3e38705cb24aee82615b1b9af47ed549ea1358
Parents: 5e395c4
Author: chenheng <ch...@apache.org>
Authored: Thu Mar 3 12:07:00 2016 +0800
Committer: chenheng <ch...@apache.org>
Committed: Thu Mar 3 12:20:00 2016 +0800

----------------------------------------------------------------------
 hbase-server/src/main/resources/hbase-webapps/master/table.jsp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/4b3e3870/hbase-server/src/main/resources/hbase-webapps/master/table.jsp
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/resources/hbase-webapps/master/table.jsp b/hbase-server/src/main/resources/hbase-webapps/master/table.jsp
index a3372ae..8a83565 100644
--- a/hbase-server/src/main/resources/hbase-webapps/master/table.jsp
+++ b/hbase-server/src/main/resources/hbase-webapps/master/table.jsp
@@ -24,6 +24,7 @@
   import="java.util.Map"
   import="java.util.Set"
   import="java.util.Collection"
+  import="org.owasp.esapi.ESAPI"
   import="org.apache.hadoop.conf.Configuration"
   import="org.apache.hadoop.hbase.client.HTable"
   import="org.apache.hadoop.hbase.client.Admin"
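Review bot: The added `org.owasp.esapi.ESAPI` import assumes ESAPI is already a runtime dependency of hbase-server, because the diffstat lists only table.jsp and no build file. As far as I know, ESAPI also reads its settings from an `ESAPI.properties` resource the first time `ESAPI.encoder()` is called. It is worth confirming that the file is packaged with the master webapp, so the page does not fail at render time on a deployment that lacks it. The page directive starts above this hunk, so whether other ESAPI classes are already imported is not visible here.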
@@ -74,7 +75,7 @@
     <% if ( !readOnly && action != null ) { %>
         <title>HBase Master: <%= master.getServerName() %></title>
     <% } else { %>
-        <title>Table: <%= fqtn %></title>
+        <title>Table: <%= ESAPI.encoder().encodeForHTML(fqtn) %></title>
     <% } %>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <meta name="description" content="">
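Review bot: Only two output sites of `fqtn` are encoded, the `<title>` here and the `<h1>` in the hunk at `@@ -169,7 +170,7 @@`. The rest of table.jsp is outside this diff, so any other expression that writes `fqtn` or another request-derived value would still be emitted unescaped. `encodeForHTML` fits these two element-content sinks. If the value is also written into an attribute, a link or a script block elsewhere in the file, that site needs the matching encoder, for example `ESAPI.encoder().encodeForHTMLAttribute(fqtn)`. A quick search of the file for `<%= fqtn` and for the other request parameters would confirm whether the fix is complete.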
@@ -169,7 +170,7 @@ if ( fqtn != null ) {
 <div class="container-fluid content">
     <div class="row inner_header">
         <div class="page-header">
-            <h1>Table <small><%= fqtn %></small></h1>
+            <h1>Table <small><%= ESAPI.encoder().encodeForHTML(fqtn) %></small></h1>
         </div>
     </div>
     <div class="row">