[ https://issues.apache.org/jira/browse/MAPREDUCE-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13166228#comment-13166228 ]
Thomas Graves commented on MAPREDUCE-2863: ------------------------------------------ Thanks for the comments. As stated above with original patch unit tests are not complete and I plan on finishing in a follow up jira. I actually have all the RM and NM ones done and they address your comments. I'm still working on AM and HS ones. I can either attach them now or attach in followup jira as I had originally planned. Let me know what you prefer. I would think the xss would be more in the POST case. In this case we just return what the user sent in and its in a JSON object when returned. Since its wrapped in json and in a string the browser should not be executing it. Doing some reading Jersey and jaxb should also in general handle the xss attacks correctly. I ran a few tests and in all the cases I could come up with it does the proper thing. If you have particular things in mind please let me know. > Support web-services for RM & NM > -------------------------------- > > Key: MAPREDUCE-2863 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-2863 > Project: Hadoop Map/Reduce > Issue Type: Improvement > Components: mrv2, nodemanager, resourcemanager > Affects Versions: 0.23.0 > Reporter: Arun C Murthy > Assignee: Thomas Graves > Priority: Blocker > Attachments: MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, > MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, > MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, > amoutput.txt, appoutput.txt, hsoutput.txt, nmoutput.txt, nmoutput.txt, > nmoutput.txt, rmoutput.txt, rmoutput.txt, rmoutput.txt > > > It will be very useful for RM and NM to support web-services to export > json/xml. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira