Jan Høydahl created SOLR-15678:
----------------------------------

             Summary: Disallow html content-type in ShowFileRequestHandler
                 Key: SOLR-15678
                 URL: https://issues.apache.org/jira/browse/SOLR-15678
             Project: Solr
          Issue Type: Task
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Jan Høydahl
            Assignee: Jan Høydahl


ShowFileRequestHandler will return a file from a configSet, and is used in the 
Admin UI. It returns the file using its proper content type, so browsers will 
render JSON, XML and plain text correctly. However, for HTML files (although 
unlikely in a configset) it is better to render as plain text in a browser, 
both to avoid XSS and since users would want to see the HTML code, not a 
rendered page.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
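
An added sketch of the content-type downgrade the issue describes; it is not code from the issue or from Solr, and the class and method names are hypothetical. It goes slightly beyond the issue by treating XHTML and SVG like HTML, since browsers also render those as active documents.

```java
import java.util.Locale;
import java.util.Set;

/** Added illustration; names are hypothetical and not part of Solr. */
public class SafeContentType {
    // Media types a browser renders as an active document when navigated to.
    // text/html comes from the issue; the other two are an assumption added here.
    private static final Set<String> ACTIVE = Set.of(
        "text/html", "application/xhtml+xml", "image/svg+xml");

    /** Returns the Content-Type value to send when a file is served for viewing. */
    static String forDisplay(String declared) {
        if (declared == null || declared.isBlank()) {
            return "text/plain";
        }
        // Decide on the bare media type: parameters, case and padding must not
        // let "Text/HTML ; charset=..." slip past the comparison.
        int semi = declared.indexOf(';');
        String base = (semi < 0 ? declared : declared.substring(0, semi))
            .trim().toLowerCase(Locale.ROOT);
        if (ACTIVE.contains(base)) {
            // Keep the original parameters (e.g. charset) so the source text
            // still decodes correctly when shown as plain text.
            String params = semi < 0 ? "" : declared.substring(semi).trim();
            return "text/plain" + params;
        }
        return declared.trim();
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "application/json",
            "text/xml;charset=utf-8",
            "text/html",
            "Text/HTML ; charset=ISO-8859-1",
            "application/xhtml+xml",
            null
        };
        for (String s : samples) {
            System.out.println(s + " -> " + forDisplay(s));
        }
    }
}
```

Sending `X-Content-Type-Options: nosniff` with the response keeps the browser from overriding the declared type by content sniffing.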
