commit | c8eabde13f226fd0647c623e6eb67170768d02d1 | |
---|---|---|
author | Akhil Subhash Naik <asnaik@hortonworks.com> | Thu Sep 19 11:25:40 2019 +0530 |
committer | Lee moon soo <moon@apache.org> | Thu Sep 19 09:58:45 2019 -0700 |
tree | 45a0629e0dde6931187f848e4853a13408af2932 | |
parent | 14bbeb6d99a16b46545fbdc0850e3b10ae8cb703 | |
ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attack

### What is this PR for?
Fix of: ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attack

Issue reproduction steps:

1) create a notebook
2) give the permission to notebook as: `<script>alert('hi')</script>` (press space after writing this, not enter key)
3) after this, try to delete the notebook; the BootstrapDialog that pops up stating insufficient privileges is vulnerable to XSS attack

### What type of PR is it?
BUG FIX ZEPPELIN-4335

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-4335

### How should this be tested?
Test as per reproduction steps:

1) create a notebook
2) give the permission to notebook as: `<script>alert('hi')</script>` (press space after writing this, not enter key)
3) after this, try to delete the notebook; the BootstrapDialog that pops up stating insufficient privileges is vulnerable to XSS attack

### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No

Author: Akhil Subhash Naik <asnaik@hortonworks.com>

Closes #3452 from Akhilsnaik/ZEPPELIN-4335 and squashes the following commits:

95212d846 [Akhil Subhash Naik] ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attack (asnaik)

(cherry picked from commit f9e2ff8ff8316e973957041b0f213ce7651cab1c)

Signed-off-by: Lee moon soo <moon@apache.org>
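The class of bug in the reproduction steps, shown as an added example that is not taken from this commit or from Zeppelin's code: a permission entry typed by a user is concatenated into a dialog message that is later rendered as HTML. The function names, the message wording and the sample entries are assumptions made for illustration.

```javascript
// Added example, not Zeppelin code. All names and the message text are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": permission entries go straight into markup, so an entry that
// contains tags becomes part of the dialog's DOM when the message is rendered.
function buildDeniedMessageUnsafe(allowedEntities) {
  return 'Insufficient privileges. Allowed users or roles: <b>' +
    allowedEntities.join(', ') + '</b>';
}

// "After": every entry is encoded before concatenation, so it can only
// ever be displayed as text, whatever the user typed.
function buildDeniedMessageSafe(allowedEntities) {
  return 'Insufficient privileges. Allowed users or roles: <b>' +
    allowedEntities.map(escapeHtml).join(', ') + '</b>';
}

// Constructed sample: the entry from the reproduction steps plus a normal user.
const sampleEntities = ["<script>alert('hi')</script>", 'admin'];

console.log('unsafe:', buildDeniedMessageUnsafe(sampleEntities));
console.log('safe:  ', buildDeniedMessageSafe(sampleEntities));
```

Encoding at the point where the string is built keeps the fixed markup (`<b>`) intact while treating every user-controlled value as data.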
Documentation: User Guide
Mailing Lists: User and Dev mailing list
Contributing: Contribution Guide
Issue Tracker: Jira
License: Apache 2.0
Zeppelin, a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more.
Core feature:
To know more about Zeppelin, visit our web site http://zeppelin.apache.org
Please go to install to install Apache Zeppelin from binary package.
Please check Build from source to build Zeppelin from source.