You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by GitBox <gi...@apache.org> on 2019/09/19 06:10:29 UTC
[GitHub] [zeppelin] Akhilsnaik opened a new pull request #3453:
ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attach
Akhilsnaik opened a new pull request #3453: ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attach
URL: https://github.com/apache/zeppelin/pull/3453
### What is this PR for?
Fix of : ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attach
Issue reproduction steps :
create a notebook
give the permission to notebook as : <script>alert('hi')</script> (press space after writing this, not enter key)
after this, try to delete the notebook, the BootstrapDialog that popups stating insufficient privilages is vulnerable to XSS attack
### What type of PR is it?
BUG FIX ZEPPELIN-4335
### Todos
### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-4335
### How should this be tested?
Test as per reproduction steps :
create a notebook
give the permission to notebook as : <script>alert('hi')</script> (press space after writing this, not enter key)
after this, try to delete the notebook, the BootstrapDialog that popups stating insufficient privilages is vulnerable to XSS attack
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services