Posted to dev@accumulo.apache.org by ctubbsii <gi...@git.apache.org> on 2017/08/04 01:29:17 UTC

[GitHub] accumulo issue #289: ACCUMULO-4677 Sanitizing PathParam values in REST-based...

Github user ctubbsii commented on the issue:

    https://github.com/apache/accumulo/pull/289
  
    Oh, nice! Thanks for working on this @glitch; I took a brief look and I think this is basically what we need. I didn't do a thorough review, though. I'll try to get to that soon, if nobody else does.
    
    I think the main concern is that we don't allow input to be put back into the returned page in a way that poses a security risk. If a table can't be found, or a range of minutes doesn't work because it was input incorrectly, that's not so much a big deal, as long as it only breaks that particular HTTP request, and not Accumulo itself or the monitor state.
    
    The main concern is probably being able to click a link to the monitor which causes the monitor to start executing JavaScript or something which was in the query or path parameters.
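As an added illustration of the review point above (a constructed example, not code from the Accumulo PR or project): an allow-list validator for the monitor's table-name and minutes parameters that rejects anything outside the expected shape before it can be reflected into a returned page, with HTML escaping as a second layer. The regexes, parameter names and error messages are assumptions, not Accumulo's actual rules.

```java
import java.util.regex.Pattern;

/** Constructed example (not from the Accumulo PR): validate monitor path/query parameters
 *  before they can ever be reflected into a returned page. */
public final class MonitorParamSanitizer {
    // Assumed allow-lists; tighten to the project's own table-name and range rules.
    private static final Pattern TABLE_NAME = Pattern.compile("^[A-Za-z0-9_]+(\\.[A-Za-z0-9_]+)?$");
    private static final Pattern MINUTES = Pattern.compile("^[0-9]{1,6}$");

    /** Accepts the table name only if it matches the allow-list; the rejection message never
     *  contains the raw value, so a bad request fails without echoing caller-controlled text. */
    public static String validateTableName(String raw) {
        if (raw == null || !TABLE_NAME.matcher(raw).matches()) {
            throw new IllegalArgumentException("invalid value for path parameter 'table'");
        }
        return raw;
    }

    /** Parses a minutes range; non-numeric input is rejected rather than reflected. */
    public static int validateMinutes(String raw) {
        if (raw == null || !MINUTES.matcher(raw).matches()) {
            throw new IllegalArgumentException("invalid value for path parameter 'minutes'");
        }
        return Integer.parseInt(raw);
    }

    /** Defence in depth: escape any validated value that is still rendered inside HTML. */
    public static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '&': sb.append("&amp;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        System.out.println(validateTableName("ns.trace"));   // accepted as-is
        System.out.println(validateMinutes("30"));           // 30
        System.out.println(escapeHtml("a<b>c"));             // a&lt;b&gt;c
        try { validateTableName("a<b>c"); }                  // rejected at the request boundary
        catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```

In a JAX-RS resource the same checks would run on each `@PathParam`/`@QueryParam` value at the top of the handler, so an invalid value only fails that one HTTP request, as the comment above asks for.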

