Posted to solr-dev@lucene.apache.org by "Paul Lovvik (JIRA)" <ji...@apache.org> on 2009/02/21 00:29:01 UTC
[jira] Updated: (SOLR-1031) XSS vulnerability in schema.jsp (patch included)
[ https://issues.apache.org/jira/browse/SOLR-1031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Lovvik updated SOLR-1031:
------------------------------
Attachment: SchemaXSS.patch
Here is the patch.
> XSS vulnerability in schema.jsp (patch included)
> ------------------------------------------------
>
> Key: SOLR-1031
> URL: https://issues.apache.org/jira/browse/SOLR-1031
> Project: Solr
> Issue Type: Bug
> Components: web gui
> Affects Versions: 1.2, 1.3
> Reporter: Paul Lovvik
> Attachments: SchemaXSS.patch
>
>
> If javascript is embedded in any of the fields, it is possible for that javascript to be executed when viewing the schema.
> The javascript will appear in the "Top Terms" part of the UI.
> I have created a simple patch to prevent this problem from occurring.
> Hmmm... I apparently can't attach the patch, so here is the patch text:
> Index: src/webapp/web/admin/schema.jsp
> ===================================================================
> --- src/webapp/web/admin/schema.jsp (revision 746406)
> +++ src/webapp/web/admin/schema.jsp (working copy)
> @@ -490,14 +490,10 @@
>
> var numTerms = 0;
> $.each(topTerms, function(term, count) {
> - var row = document.createElement('tr');
> - var c1 = document.createElement('td');
> - c1.innerHTML=term;
> - var c2 = document.createElement('td');
> - c2.innerHTML=count;
> - row.appendChild(c1);
> - row.appendChild(c2);
> - tbody.appendChild(row);
> + var c1 = $('<td>').text(term);
> + var c2 = $('<td>').text(count);
> + var row = $('<tr>').append(c1).append(c2);
> + tbody.appendChild(row.get(0));
> numTerms++;
> });
> tbl.appendChild(tbody);
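Review bot: one style point on the added lines and one scope check. The new row is built as a jQuery object (`$('<tr>').append(c1).append(c2)`) but then handed back to the raw DOM with `tbody.appendChild(row.get(0))`; `$(tbody).append(row)` would keep the loop in a single API and drop the `.get(0)` unwrap. The substance of the change is right: `$('<td>').text(term)` and `$('<td>').text(count)` create text nodes, so any markup contained in a term value is rendered literally instead of being parsed as HTML, which is exactly what the two removed `innerHTML` assignments allowed. Since the hunk covers only the `$.each(topTerms, ...)` loop, any other place in schema.jsp that writes field or term values via `innerHTML` lies outside this diff and should be checked for the same pattern before the issue is closed.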
--
This message is automatically generated by JIRA.