OpenSearch/server
Tianli Feng 2bfe8b31af
Filter out invalid URI and HTTP method in the error message of no handler found for a REST request (#3459)
Filter out invalid URI and HTTP method of an error message, which is shown when there is no handler found for a REST request sent by user, so that HTML special characters <>&"' will not be shown in the error message.

The error message is returned as mime-type `application/json`, which can't contain active (script) content, so it's not a vulnerability. Besides, no browsers are going to render it as HTML when the mime-type is that.
However, the common security scanners will raise a false-positive alarm for having HTML tags in the response without escaping the HTML special characters, so the solution only aims to satisfy the code security scanners.

Signed-off-by: Tianli Feng <ftianli@amazon.com>
2022-06-02 09:29:32 -07:00
..
licenses [Upgrade] Lucene-9.3.0-snapshot-823df23 (#3478) 2022-05-31 10:57:10 -05:00
src Filter out invalid URI and HTTP method in the error message of no handler found for a REST request (#3459) 2022-06-02 09:29:32 -07:00
build.gradle Bump HdrHistogram from 2.1.9 to 2.1.12 in /server (#2135) 2022-05-05 11:30:12 -05:00