[
https://issues.apache.org/jira/browse/HADOOP-7093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12980349#action_12980349
]
Tom White commented on HADOOP-7093:
-----------------------------------
A few comments:
* StackServlet shouldn't use HtmlQuoting since it is serving plain text.
* We need to be sure that StackServlet is serving UTF8-encoded text. Currently
it is using the default platform encoding since it is using a writer
constructed with new PrintWriter(response.getOutputStream()), see
http://download.oracle.com/javase/6/docs/api/java/io/PrintWriter.html#PrintWriter%28java.io.OutputStream%29.
Rather we might use response.getWriter(), which uses the character encoding
returned by ServletResponse#getCharacterEncoding(), which should pick it up
from our earlier call to ServletResponse#setContentType, according to
http://download.oracle.com/javaee/6/api/javax/servlet/ServletResponse.html#getWriter%28%29.
The other servlets need checking for this too.
* For JSON, MetricsServlet should set the content type to "application/json;
charset=utf-8". It's not currently setting the content type.
* ConfServlet should set the charset explicitly too.
> Servlets should default to text/plain
> -------------------------------------
>
> Key: HADOOP-7093
> URL: https://issues.apache.org/jira/browse/HADOOP-7093
> Project: Hadoop Common
> Issue Type: Bug
> Components: io
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Fix For: 0.22.0
>
> Attachments: hadoop-7093.txt
>
>
> In trunk the servlets like /stacks and /metrics are returning text/html
> content-type instead of text/plain. Security wise it's much safer to default
> to text/plain and require servlets to explicitly set the content-type to
> text/html when required.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
