ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attack #3453

Closed
Akhilsnaik wants to merge 1 commit into apache:branch-0.8 from Akhilsnaik:ZEPPELIN-4335-0.8

@Akhilsnaik

What is this PR for?

Fix of: ZEPPELIN-4335 Deleting a Notebook is vulnerable to XSS attack

Issue reproduction steps:

1. Create a notebook.
2. Give the permission to the notebook as: <script>alert('hi')</script> (press space after writing this, not the Enter key).
3. After this, try to delete the notebook; the BootstrapDialog that pops up stating insufficient privileges is vulnerable to an XSS attack.

What type of PR is it?

BUG FIX ZEPPELIN-4335

Todos

What is the Jira issue?

https://issues.apache.org/jira/browse/ZEPPELIN-4335

How should this be tested?

Test as per the reproduction steps:

1. Create a notebook.
2. Give the permission to the notebook as: <script>alert('hi')</script> (press space after writing this, not the Enter key).
3. After this, try to delete the notebook; the BootstrapDialog that pops up stating insufficient privileges is vulnerable to an XSS attack.

Questions:

  • Does the licenses files need update? No
  • Is there breaking changes for older versions? No
  • Does this needs documentation? No

@Akhilsnaik
Author

Deleting this PR as it's a duplicate of #3452.

@Akhilsnaik Akhilsnaik closed this Sep 19, 2019
@Akhilsnaik Akhilsnaik deleted the ZEPPELIN-4335-0.8 branch September 19, 2019 08:52
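
The pattern behind the report, as an added example that is not part of this PR or of Zeppelin's code: a permission value typed by a user ends up inside a dialog message that is rendered as HTML, and escaping it before the message is built keeps it inert. The function names and the message wording are assumptions, as is the dialog rendering its message string as HTML.

```javascript
// Added example; names and message wording are hypothetical, not Zeppelin's.

// Escape the characters that are significant in HTML text and attribute
// contexts. '&' is handled in the same pass, so nothing is double-escaped.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: principals taken from the permission form are
// concatenated into markup that the dialog then renders as HTML.
function buildDeniedMessageUnsafe(allowed) {
  return 'Insufficient privileges. Allowed users or roles: <b>' +
    allowed.join(', ') + '</b>';
}

// Hardened pattern: every untrusted value is escaped before it reaches the
// HTML message; only the markup written by the developer stays live.
function buildDeniedMessageSafe(allowed) {
  return 'Insufficient privileges. Allowed users or roles: <b>' +
    allowed.map(escapeHtml).join(', ') + '</b>';
}

// Constructed sample: the permission value from the reproduction steps,
// next to an ordinary principal name.
const samplePrincipals = ["<script>alert('hi')</script>", 'admin'];

console.log(buildDeniedMessageUnsafe(samplePrincipals));
console.log(buildDeniedMessageSafe(samplePrincipals));
```

Escaping has to happen wherever such a value is placed into HTML; checking the input only when the permission is saved leaves any other entry path to the same dialog uncovered.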