[ https://issues.apache.org/jira/browse/YARN-10824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17364990#comment-17364990 ]
Bilwa S T commented on YARN-10824: ---------------------------------- Command injection can happen here. So to avoid that we can just set title to JHS and NM page > Title not set for JHS and NM webpages > ------------------------------------- > > Key: YARN-10824 > URL: https://issues.apache.org/jira/browse/YARN-10824 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Rajshree Mishra > Assignee: Bilwa S T > Priority: Major > Attachments: JHS URL.jpg, NM URL.jpg > > > Passing a title to the jobHistoryServer(jhs) or Nodemanager(nm) pages using a > url similar to: > https://[hostname]:[jhs_port]/jobhistory/about?title=12345%27%22 > orĀ > https://[hostname]:[nm_port]/node?title=12345 > sets the page title to be set to the value mentioned. > [Image attached] -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org