From ec839b94c0eb3f09e74f8a3b0bc9a08b3f5418b2 Mon Sep 17 00:00:00 2001
From: Andrew Wang <wang@apache.org>
Date: Mon, 6 Mar 2017 10:47:15 -0800
Subject: [PATCH] HDFS-11441. Add escaping to error message in KMS web UI.
 Contributed by Aaron T. Myers.

---
 .../hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
index 45e48e9a7d..3e98a25232 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
@@ -20,6 +20,7 @@
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.crypto.key.kms.KMSDelegationToken;
+import org.apache.hadoop.http.HtmlQuoting;
 import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
 import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
 import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter;
@@ -105,7 +106,7 @@ public void setStatus(int sc) {
     public void sendError(int sc, String msg) throws IOException {
       statusCode = sc;
       this.msg = msg;
-      super.sendError(sc, msg);
+      super.sendError(sc, HtmlQuoting.quoteHtmlChars(msg));
     }
 
     @Override