[ https://issues.apache.org/jira/browse/HBASE-17558?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Purtell updated HBASE-17558: ----------------------------------- Fix Version/s: (was: 1.4.0) > ZK dumping jsp should escape html > ---------------------------------- > > Key: HBASE-17558 > URL: https://issues.apache.org/jira/browse/HBASE-17558 > Project: HBase > Issue Type: Bug > Components: security, UI > Reporter: Sean Busbey > Assignee: Sean Busbey > Priority: Minor > Fix For: 2.0.0, 1.3.1, 1.2.5, 1.1.9 > > Attachments: HBASE-17558.0.patch > > > Right now the ZK status page in the master dumps data from ZK using ZKUtil > without doing any processing to e.g. escape HTML entities. > ie.: > {code} > <div class="container-fluid content"> > <div class="row inner_header"> > <div class="page-header"> > <h1>ZooKeeper Dump</h1> > </div> > </div> > <div class="row"> > <div class="span12"> > <pre><%= ZKUtil.dump(watcher).trim() %></pre> > </div> > </div> > </div> > {code} > current url: > https://github.com/apache/hbase/blob/master/hbase-server/src/main/resources/hbase-webapps/master/zk.jsp#L83 -- This message was sent by Atlassian JIRA (v6.4.14#64029)