[jira] [Updated] (HBASE-7184) pre-check table name in table.jsp

liang xie (JIRA) Mon, 19 Nov 2012 00:05:04 -0800

     [ 
https://issues.apache.org/jira/browse/HBASE-7184?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


liang xie updated HBASE-7184:
-----------------------------

    Status: Patch Available  (was: Open)
    
> pre-check table name in table.jsp
> ---------------------------------
>
>                 Key: HBASE-7184
>                 URL: https://issues.apache.org/jira/browse/HBASE-7184
>             Project: HBase
>          Issue Type: Improvement
>          Components: UI
>    Affects Versions: 0.94.2, 0.96.0
>            Reporter: liang xie
>            Assignee: liang xie
>         Attachments: HBASE-7184.txt
>
>
> Currently the (table)name parameter in table.jsp isn't checked, it brings two 
> problems at least:
> 1) 500 error for invalid value
> 2) directly written to JSP output, giving reflected XSS vulnerability
> we can do a parameter-checking

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (HBASE-7184) pre-check table name in table.jsp

Reply via email to