Hello, Mark. Unfortunately, i don't think theres way to clean it up. Note is stored as is on server side, and theres no way to modify or remove it (except of modifying database directly), as it was designed to store history of changes. Perhaps someone else may help with fixing this on UI side.
Can you create an issue for this? (https://issues.apache.org/jira/browse/AMBARI) I'm sure this should be fixed as soon as possible. -- Regards, Myroslav Papirkovskyy ________________________________ Від: Mark Kerzner <[email protected]> Надіслано: 1 червня 2015 р. 16:54 Кому: Ambari user Тема: Ambari XSS vulnerability? Hi, all, I think we have found this vulnerability, and it belongs to Ambari. To reproduce: 1. Edit Flume configuration in Ambari 2. When adding a note, input a simple XSS script 3. Observe a dialog popup, annoyingly, three times, and then again. I have not found a way to clean it up as yet. Thank you, Mark -- Mark Kerzner, Managing Partner, Elephant Scale<http://elephantscale.com/> Mobile: 713-724-2534, Skype: mark.kerzner1 https://www.linkedin.com/in/markkerzner To schedule a meeting with me: http://www.meetme.so/markkerzner
