HDDS-2111. XSS fragments can be injected to the S3g landing page
Signed-off-by: Anu Engineer <aengineer@apache.org>
This commit is contained in:
parent
66bd1681f8
commit
2358e53e9c
@ -21,6 +21,7 @@
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta http-equiv="Content-Security-Policy" content="script-src 'self';">
|
||||
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
|
||||
<meta name="description" content="Apache Hadoop Ozone S3 gateway">
|
||||
|
||||
@ -68,12 +69,15 @@ <h1>S3 gateway</h1>
|
||||
|
||||
<p>For example with aws-cli:</p>
|
||||
|
||||
<pre>aws s3api --endpoint <script>document.write(window.location.href.replace("static/", ""))</script> create-bucket --bucket=wordcount</pre>
|
||||
<pre>aws s3api --endpoint <span id="s3gurl"></span> create-bucket --bucket=wordcount</pre>
|
||||
|
||||
<p>For more information, please check the <a href="docs">documentation.</a>
|
||||
</p>
|
||||
</div><!-- /.container -->
|
||||
|
||||
<script src="static/bootstrap-3.4.1/js/bootstrap.min.js"></script>
|
||||
<script src="jquery-3.4.1.min.js"></script>
|
||||
<script src="bootstrap-3.4.1/js/bootstrap.min.js"></script>
|
||||
<script src="s3g.js"></script>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
@ -0,0 +1,23 @@
|
||||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
window.onload = function () {
|
||||
var safeurl = window.location.protocol + "//" + window.location.host + window.location.pathname;
|
||||
safeurl = safeurl.replace("static/", "");
|
||||
document.getElementById('s3gurl').innerHTML = safeurl;
|
||||
};
|
Loading…
Reference in New Issue
Block a user