[ https://issues.apache.org/jira/browse/YARN-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14526073#comment-14526073 ]
Hudson commented on YARN-1993:
------------------------------

SUCCESS: Integrated in Hadoop-Mapreduce-trunk #2132 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2132/])
YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed by Kenji Kikushima. (ozawa: rev e8d0ee5fc9af612d7abc9ab2c201434e7102d092)
* hadoop-yarn-project/CHANGES.txt
* hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java

> Cross-site scripting vulnerability in TextView.java
> ---------------------------------------------------
>
>                 Key: YARN-1993
>                 URL: https://issues.apache.org/jira/browse/YARN-1993
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: webapp
>            Reporter: Ted Yu
>            Assignee: Kenji Kikushima
>             Fix For: 2.8.0
>
>         Attachments: YARN-1993.patch
>
>
> In hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/view/TextView.java, method echo() e.g. :
> {code}
>     for (Object s : args) {
>       out.print(s);
>     }
> {code}
> Printing s to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML attribute name.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)