Sean Busbey created HBASE-17558:
-----------------------------------
Summary: ZK dumping jsp should escape html
Key: HBASE-17558
URL: https://issues.apache.org/jira/browse/HBASE-17558
Project: HBase
Issue Type: Bug
Components: security, UI
Reporter: Sean Busbey
Priority: Minor
Right now the ZK status page in the master dumps data from ZK using ZKUtil
without doing any processing to e.g. escape HTML entities.
ie.:
{codE}
<div class="container-fluid content">
<div class="row inner_header">
<div class="page-header">
<h1>ZooKeeper Dump</h1>
</div>
</div>
<div class="row">
<div class="span12">
<pre><%= ZKUtil.dump(watcher).trim() %></pre>
</div>
</div>
</div>
{code}
current url:
https://github.com/apache/hbase/blob/master/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp#L83
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
