HDFS-11441. Add escaping to error message in KMS web UI. Contributed by Aaron T. Myers.

This commit is contained in:
Andrew Wang 2017-03-06 10:47:15 -08:00
parent 209ecd1a5c
commit ec839b94c0
1 changed files with 2 additions and 1 deletions

View File

@ -20,6 +20,7 @@ package org.apache.hadoop.crypto.key.kms.server;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.kms.KMSDelegationToken; import org.apache.hadoop.crypto.key.kms.KMSDelegationToken;
import org.apache.hadoop.http.HtmlQuoting;
import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler; import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter; import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;
@ -105,7 +106,7 @@ public class KMSAuthenticationFilter
public void sendError(int sc, String msg) throws IOException { public void sendError(int sc, String msg) throws IOException {
statusCode = sc; statusCode = sc;
this.msg = msg; this.msg = msg;
super.sendError(sc, msg); super.sendError(sc, HtmlQuoting.quoteHtmlChars(msg));
} }
@Override @Override