You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/04/21 20:12:04 UTC
[jira] [Created] (AMBARI-20823) Remove user input from invalid
renderer error message
Robert Levas created AMBARI-20823:
-------------------------------------
Summary: Remove user input from invalid renderer error message
Key: AMBARI-20823
URL: https://issues.apache.org/jira/browse/AMBARI-20823
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 1.5.0
Reporter: Robert Levas
Assignee: Attila Magyar
Priority: Critical
Fix For: 2.5.1
Remove user input from invalid renderer error message to avoid potential XSS attacks.
The user input data returned in the exception thrown at
{code:title=org/apache/ambari/server/api/resources/BaseResourceDefinition.java:135}
throw new IllegalArgumentException("Invalid renderer name: " + name +
" for resource of type: " + m_type);
{code}
should be removed and the error message changed to:
{noformat}
Invalid renderer name for resource of type <resource type>.m
{noformat}
or simply
{noformat}
Invalid renderer name.
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)