Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-15329 Cross-Site Scripting: Reflected in table.jsp (Samir Ahmic)

This commit is contained in:
chenheng 2016-03-03 12:07:00 +08:00
parent 5e395c4294
commit 4b3e38705c
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hbase-server/src/main/resources/hbase-webapps/master/table.jsp
View File

@ -24,6 +24,7 @@
import="java.util.Map" import="java.util.Map"
import="java.util.Set" import="java.util.Set"
import="java.util.Collection" import="java.util.Collection"
import="org.owasp.esapi.ESAPI"
import="org.apache.hadoop.conf.Configuration" import="org.apache.hadoop.conf.Configuration"
import="org.apache.hadoop.hbase.client.HTable" import="org.apache.hadoop.hbase.client.HTable"
import="org.apache.hadoop.hbase.client.Admin" import="org.apache.hadoop.hbase.client.Admin"
@ -74,7 +75,7 @@
<% if ( !readOnly && action != null ) { %> <% if ( !readOnly && action != null ) { %>
<title>HBase Master: <%= master.getServerName() %></title> <title>HBase Master: <%= master.getServerName() %></title>
<% } else { %> <% } else { %>
<title>Table: <%= fqtn %></title> <title>Table: <%= ESAPI.encoder().encodeForHTML(fqtn) %></title>
<% } %> <% } %>
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content=""> <meta name="description" content="">
@ -169,7 +170,7 @@ if ( fqtn != null ) {
<div class="container-fluid content"> <div class="container-fluid content">
<div class="row inner_header"> <div class="row inner_header">
<div class="page-header"> <div class="page-header">
<h1>Table <small><%= fqtn %></small></h1> <h1>Table <small><%= ESAPI.encoder().encodeForHTML(fqtn) %></small></h1>
</div> </div>
</div> </div>
<div class="row"> <div class="row">