mesos-reviews mailing list archives

From haosdent huang <haosd...@apache.org>
Subject Re: Review Request 55691: Fix XSS vulnerability in pailer invocation.
Date Thu, 19 Jan 2017 16:27:23 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/55691/#review162303
-----------------------------------------------------------



Hi, it seems setting `document.cookie` could work instead of using localStorage. The problem with localStorage
is that it is not supported by some old browsers. Have you tried setting a cookie before?


src/webui/master/static/pailer.html (lines 46 - 68)
<https://reviews.apache.org/r/55691/#comment233636>

    I think we could remove this snippet?



src/webui/master/static/pailer.html (line 80)
<https://reviews.apache.org/r/55691/#comment233635>

    I think we could call `localStorage.getItem/removeItem` above and use the result here directly?


- haosdent huang


On Jan. 18, 2017, 11:40 p.m., Jacob Janco wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/55691/
> -----------------------------------------------------------
> 
> (Updated Jan. 18, 2017, 11:40 p.m.)
> 
> 
> Review request for mesos, haosdent huang and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-6947
>     https://issues.apache.org/jira/browse/MESOS-6947
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Fix XSS vulnerability in pailer invocation.
> 
> 
> Diffs
> -----
> 
>   src/webui/master/static/js/controllers.js 388ca2447716cbc7141da6a20daf2340621a16e8
>   src/webui/master/static/pailer.html 19e0981143bd7e8372b49f4f036867e9dd05727a
> 
> Diff: https://reviews.apache.org/r/55691/diff/
> 
> 
> Testing
> -------
> 
> make -j8 + test framework + checking pailer representation of files in sandbox
> 
> 
> Thanks,
> 
> Jacob Janco
> 
>
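As an added illustration of the storage hand-off discussed in the review above (example code, not from the Mesos patch under review): a one-shot hand-off that uses `localStorage.getItem/removeItem` where localStorage exists and falls back to `document.cookie` otherwise, plus the rendering caveat that applies with either transport. The function names, the key `pailer.path`, and the in-memory stand-ins for browser storage are assumptions.

```javascript
// Hand a value (e.g. the file path pailer.html should display) to the next page
// without placing it in the URL: localStorage where it exists, document.cookie
// otherwise; take() reads and removes the value in one step (getItem + removeItem).
function createHandoff(win) {
  let store = null;
  try { store = win.localStorage || null; } catch (e) { /* storage disabled: fall back */ }
  if (store) {
    return {
      set: (key, value) => store.setItem(key, value),
      take: (key) => { const v = store.getItem(key); store.removeItem(key); return v; },
    };
  }
  const doc = win.document;
  return {
    set: (key, value) => { doc.cookie = `${key}=${encodeURIComponent(value)}; path=/; SameSite=Strict`; },
    take: (key) => {
      const hit = doc.cookie.split(';').map(s => s.trim()).find(s => s.startsWith(key + '='));
      doc.cookie = `${key}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT`;  // consume exactly once
      return hit ? decodeURIComponent(hit.slice(key.length + 1)) : null;
    },
  };
}
// Whichever transport carried it, the value read back is untrusted input:
// assign it as text so any markup in a crafted path is displayed, never parsed.
function renderPath(el, path) {
  el.textContent = path;
  return el.textContent;
}
// Constructed stand-ins for window.localStorage and document.cookie so the
// example runs outside a browser; real page code passes `window` instead.
function fakeWindow(withLocalStorage) {
  const kv = new Map();
  const localStorage = {
    setItem: (k, v) => kv.set(k, String(v)),
    getItem: (k) => (kv.has(k) ? kv.get(k) : null),
    removeItem: (k) => kv.delete(k),
  };
  const jar = new Map();
  const document = {
    get cookie() { return [...jar].map(([k, v]) => `${k}=${v}`).join('; '); },
    set cookie(s) {
      const [pair, ...attrs] = s.split(';').map(t => t.trim());
      const [k, v] = pair.split('=');
      const expired = attrs.some(a => /^expires=/i.test(a) && Date.parse(a.slice(8)) < Date.now());
      if (expired) jar.delete(k); else jar.set(k, v);
    },
  };
  return withLocalStorage ? { localStorage, document } : { document };
}
```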

