YARN-1993. Cross-site scripting vulnerability in TextView.java. Contributed byKenji Kikushima.
This commit is contained in:
parent
6ae2a0d048
commit
e8d0ee5fc9
@ -293,6 +293,10 @@ Release 2.8.0 - UNRELEASED
|
||||
YARN-2454. Fix compareTo of variable UNBOUNDED in o.a.h.y.util.resource.Resources.
|
||||
(Xu Yang via junping_du)
|
||||
|
||||
YARN-1993. Cross-site scripting vulnerability in TextView.java. (Kenji Kikushima
|
||||
via ozawa)
|
||||
|
||||
|
||||
Release 2.7.1 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
@ -20,6 +20,7 @@
|
||||
|
||||
import java.io.PrintWriter;
|
||||
|
||||
import org.apache.commons.lang.StringEscapeUtils;
|
||||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.yarn.webapp.View;
|
||||
|
||||
@ -45,7 +46,9 @@ protected TextView(ViewContext ctx, String contentType) {
|
||||
public void echo(Object... args) {
|
||||
PrintWriter out = writer();
|
||||
for (Object s : args) {
|
||||
out.print(s);
|
||||
String escapedString = StringEscapeUtils.escapeJavaScript(
|
||||
StringEscapeUtils.escapeHtml(s.toString()));
|
||||
out.print(escapedString);
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user