Github user paul-rogers commented on a diff in the pull request: https://github.com/apache/drill/pull/998#discussion_r145569670 --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/DrillRoot.java --- @@ -85,21 +86,33 @@ public ClusterInfo getClusterInfoJSON() { // For all other cases the user info need-not or should-not be displayed OptionManager optionManager = work.getContext().getOptionManager(); final boolean isUserLoggedIn = AuthDynamicFeature.isUserLoggedIn(sc); + final String processUser = isUserLoggedIn ? + ImpersonationUtil.getProcessUserName() : null; + final String processUserGroups = isUserLoggedIn ? + Joiner.on(",").join(ImpersonationUtil.getProcessUserGroupNames()) : null; String adminUsers = isUserLoggedIn ? ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(optionManager) : null; String adminUserGroups = isUserLoggedIn ? ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(optionManager) : null; // separate groups by comma + space if (adminUsers != null) { - String[] groups = adminUsers.split(","); - adminUsers = Joiner.on(", ").join(groups); + if (adminUsers.length() == 0) { + adminUsers = "<empty>"; --- End diff -- This string uses angle brackets, which have meaning to HTML. When we emit these strings into the template, do we call the Freemarker function to escape special HTML characters?
---