Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/04/21 20:12:04 UTC

[jira] [Created] (AMBARI-20823) Remove user input from invalid renderer error message

Robert Levas created AMBARI-20823:
-------------------------------------

             Summary: Remove user input from invalid renderer error message
                 Key: AMBARI-20823
                 URL: https://issues.apache.org/jira/browse/AMBARI-20823
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 1.5.0
            Reporter: Robert Levas
            Assignee: Attila Magyar
            Priority: Critical
             Fix For: 2.5.1


Remove user input from invalid renderer error message to avoid potential XSS attacks. 

The user input data returned in the exception thrown at

{code:title=org/apache/ambari/server/api/resources/BaseResourceDefinition.java:135}
      throw new IllegalArgumentException("Invalid renderer name: " + name +
          " for resource of type: " + m_type);
{code}

should be removed and the error message changed to:

{noformat}
Invalid renderer name for resource of type <resource type>.
{noformat}

or simply

{noformat}
Invalid renderer name.
{noformat}




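The change requested above, shown as a before/after pair. This is an added example, not part of the original message and not Ambari's code: the class, the method names, the renderer allow-list and the `String` resource type are assumptions made for illustration, and logging the rejected value server-side is an addition the issue does not mention.

```java
import java.util.Set;
import java.util.logging.Logger;

// Added illustration; class and method names are hypothetical, not Ambari's.
public class RendererNameCheck {
    private static final Logger LOG = Logger.getLogger(RendererNameCheck.class.getName());
    // Constructed allow-list of renderer names for the example.
    private static final Set<String> KNOWN = Set.of("default", "minimal");

    // Before: the caller-supplied name is copied into the exception message,
    // which an error handler may later write into the HTTP response body.
    static String lookupEchoing(String name, String type) {
        if (name == null || !KNOWN.contains(name)) {
            throw new IllegalArgumentException("Invalid renderer name: " + name +
                " for resource of type: " + type);
        }
        return name;
    }

    // After: the message holds only server-controlled text. The rejected value
    // goes to the server log, with control characters replaced and length capped
    // so it cannot forge log lines.
    static String lookupFixed(String name, String type) {
        if (name == null || !KNOWN.contains(name)) {
            LOG.warning("Rejected renderer name [" + forLog(name) + "] for type " + type);
            throw new IllegalArgumentException(
                "Invalid renderer name for resource of type " + type);
        }
        return name;
    }

    static String forLog(String s) {
        if (s == null) return "null";
        String cleaned = s.replaceAll("\\p{Cntrl}", "?");
        return cleaned.length() > 64 ? cleaned.substring(0, 64) + "..." : cleaned;
    }

    public static void main(String[] args) {
        String input = "<b>x</b>"; // constructed sample containing markup
        for (boolean fixed : new boolean[] {false, true}) {
            try {
                if (fixed) lookupFixed(input, "Cluster"); else lookupEchoing(input, "Cluster");
            } catch (IllegalArgumentException e) {
                System.out.println((fixed ? "after:  " : "before: ") + e.getMessage());
            }
        }
    }
}
```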