[jira] Updated: (HADOOP-6151) The servlets should quote html characters

Devaraj Das (JIRA) Fri, 04 Dec 2009 17:37:45 -0800

     [ 
https://issues.apache.org/jira/browse/HADOOP-6151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Devaraj Das updated HADOOP-6151:
--------------------------------

    Attachment: h6151.20.patch

This patch is for 0.20. (not to be committed)

> The servlets should quote html characters
> -----------------------------------------
>
>                 Key: HADOOP-6151
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6151
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Owen O'Malley
>            Assignee: Owen O'Malley
>            Priority: Critical
>             Fix For: 0.21.0
>
>         Attachments: h6151.20.patch, h6151.patch, h6151.patch, h6151.patch, 
> h6151.patch
>
>
> We need to quote html characters that come from user generated data. 
> Otherwise, all of the web ui's have cross site scripting attack, etc.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (HADOOP-6151) The servlets should quote html characters

Reply via email to