ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attack

### What is this PR for?
Fix for ZEPPELIN-4335: Deleting a Notebook is vulnerable to XSS attack

Issue reproduction steps:

1) Create a notebook.
2) Give the permission to the notebook as: `<script>alert('hi')</script>` (press space after writing this, not the enter key).
3) After this, try to delete the notebook. The BootstrapDialog that pops up stating insufficient privileges is vulnerable to an XSS attack.

### What type of PR is it?
BUG FIX ZEPPELIN-4335

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-4335

### How should this be tested?

Test as per the reproduction steps:
1) Create a notebook.
2) Give the permission to the notebook as: `<script>alert('hi')</script>` (press space after writing this, not the enter key).
3) After this, try to delete the notebook. The BootstrapDialog that pops up stating insufficient privileges is vulnerable to an XSS attack.

### Questions:
* Do the license files need an update? No
* Are there breaking changes for older versions? No
* Does this need documentation? No

Author: Akhil Subhash Naik <asnaik@hortonworks.com>

Closes #3452 from Akhilsnaik/ZEPPELIN-4335 and squashes the following commits:

95212d846 [Akhil Subhash Naik] ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attach (asnaik)

(cherry picked from commit f9e2ff8ff8316e973957041b0f213ce7651cab1c)
Signed-off-by: Lee moon soo <moon@apache.org>
1 file changed
tree: 45a0629e0dde6931187f848e4853a13408af2932
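
The reproduction steps above describe a permission value being rendered as markup inside the "insufficient privileges" dialog. The following is an added example, not the code changed by this commit: the function names and the message wording are assumptions, and it shows the unescaped message construction beside a version that escapes each untrusted value before it reaches the dialog.

```javascript
// Added illustration; not Zeppelin's code. Function names and the message
// wording are hypothetical.

// Characters that let text break out of HTML element or attribute context.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: permission entries are concatenated into the dialog markup as-is,
// so a permission value containing tags becomes live HTML.
function buildDeniedMessageUnsafe(user, allowedOwners) {
  return 'User <b>' + user + '</b> cannot delete this note. Allowed owners: ' +
    allowedOwners.join(', ');
}

// After: every untrusted value is escaped at the point it enters HTML.
function buildDeniedMessageSafe(user, allowedOwners) {
  return 'User <b>' + escapeHtml(user) + '</b> cannot delete this note. Allowed owners: ' +
    allowedOwners.map(escapeHtml).join(', ');
}

// Constructed sample input: the permission value from the reproduction steps.
const sampleOwners = ['admin', "<script>alert('hi')</script>"];
console.log(buildDeniedMessageUnsafe('alice', sampleOwners));
console.log(buildDeniedMessageSafe('alice', sampleOwners));
```

A useful regression check is to store the permission value from the reproduction steps and confirm the dialog shows it as literal text.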
README.md

Apache Zeppelin

Documentation: User Guide
Mailing Lists: User and Dev mailing list
Continuous Integration: Build Status
Contributing: Contribution Guide
Issue Tracker: Jira
License: Apache 2.0

Zeppelin is a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more.

Core features:

  • Web based notebook style editor.
  • Built-in Apache Spark support

To know more about Zeppelin, visit our web site http://zeppelin.apache.org

Getting Started

Install binary package

Please go to install to install Apache Zeppelin from binary package.

Build from source

Please check Build from source to build Zeppelin from source.