azkaban-aplcache

Adding velocity-tools EscapeTool to able to escape certain

10/17/2014 7:37:27 PM

Details

diff --git a/azkaban-webserver/src/main/java/azkaban/webapp/servlet/ExecutorServlet.java b/azkaban-webserver/src/main/java/azkaban/webapp/servlet/ExecutorServlet.java
index c5ae77c..2923d5e 100644
--- a/azkaban-webserver/src/main/java/azkaban/webapp/servlet/ExecutorServlet.java
+++ b/azkaban-webserver/src/main/java/azkaban/webapp/servlet/ExecutorServlet.java
@@ -27,12 +27,14 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang.StringEscapeUtils;
+
 import azkaban.executor.ExecutableFlow;
 import azkaban.executor.ExecutableFlowBase;
 import azkaban.executor.ExecutableNode;
 import azkaban.executor.ExecutionOptions;
-import azkaban.executor.ExecutorManagerAdapter;
 import azkaban.executor.ExecutionOptions.FailureAction;
+import azkaban.executor.ExecutorManagerAdapter;
 import azkaban.executor.ExecutorManagerException;
 import azkaban.executor.Status;
 import azkaban.flow.Flow;
@@ -44,8 +46,8 @@ import azkaban.scheduler.ScheduleManagerException;
 import azkaban.server.HttpRequestUtils;
 import azkaban.server.session.Session;
 import azkaban.user.Permission;
-import azkaban.user.User;
 import azkaban.user.Permission.Type;
+import azkaban.user.User;
 import azkaban.utils.FileIOUtils.LogData;
 import azkaban.webapp.AzkabanWebServer;
 import azkaban.webapp.plugin.PluginRegistry;
@@ -380,7 +382,7 @@ public class ExecutorServlet extends LoginAbstractAzkabanServlet {
       } else {
         ret.put("length", data.getLength());
         ret.put("offset", data.getOffset());
-        ret.put("data", data.getData());
+        ret.put("data", StringEscapeUtils.escapeHtml(data.getData()));
       }
     } catch (ExecutorManagerException e) {
       throw new ServletException(e);
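Review bot: Escaping at the JSON layer means `data` no longer lines up with the `length` and `offset` values returned beside it, which still describe the unescaped log text. A client that advances its read position by the received string length rather than by `length` would drift as soon as a log line contains `<`, `&` or a quote. It also builds an HTML assumption into the API, so a consumer that writes the value through a text node will display literal entities. A comment on the `ret.put("data", ...)` line such as `// HTML-escaped for direct insertion into the log viewer; length/offset refer to the unescaped data` would record the contract. Any other handler in this servlet that returns log data needs the same treatment, which cannot be confirmed here because the enclosing method starts and ends outside the hunk.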
diff --git a/azkaban-webserver/src/main/java/azkaban/webapp/servlet/Page.java b/azkaban-webserver/src/main/java/azkaban/webapp/servlet/Page.java
index b03673f..cb8e06e 100644
--- a/azkaban-webserver/src/main/java/azkaban/webapp/servlet/Page.java
+++ b/azkaban-webserver/src/main/java/azkaban/webapp/servlet/Page.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.tools.generic.EscapeTool;
 
 import azkaban.utils.Utils;
 
@@ -52,6 +53,7 @@ public class Page {
     this.engine = Utils.nonNull(engine);
     this.template = Utils.nonNull(template);
     this.context = new VelocityContext();
+    this.context.put("esc", new EscapeTool());
     this.context.put("session", request.getSession(true));
     this.context.put("context", request.getContextPath());
   }
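Review bot: `EscapeTool` is the only velocity-tools class this change uses, yet it is instantiated for every `Page` and brings in the whole `org.apache.velocity:velocity-tools:2.0` artifact added in build.gradle. The tool appears to hold no per-request state, so a shared `private static final EscapeTool ESCAPE_TOOL = new EscapeTool();` would do. The new artifact's transitive dependencies are worth checking with a dependency report and excluding where unused, since each one widens what has to be tracked and patched. Putting `esc` in the constructor also reserves that context key, so a comment such as `// "esc" is reserved for output escaping in templates; do not overwrite` would help servlet authors. The constructor begins outside the hunk.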
diff --git a/azkaban-webserver/src/main/resources/azkaban/webapp/servlet/velocity/historypage.vm b/azkaban-webserver/src/main/resources/azkaban/webapp/servlet/velocity/historypage.vm
index 548460c..1938e87 100644
--- a/azkaban-webserver/src/main/resources/azkaban/webapp/servlet/velocity/historypage.vm
+++ b/azkaban-webserver/src/main/resources/azkaban/webapp/servlet/velocity/historypage.vm
@@ -60,7 +60,7 @@
               <input type="hidden" name="search" value="true">
               <div class="form-group">
                 <div class="input-group">
-                  <input type="text" id="searchtextbox" placeholder="flow name containing ..." value=#if($search_term) ${search_term} #else "" #end class="form-control input-sm" name="searchterm">
+                  <input type="text" id="searchtextbox" placeholder="flow name containing ..." value=#if($search_term) "$esc.html(${search_term})" #else "" #end class="form-control input-sm" name="searchterm">
                   <span class="input-group-btn">
                     <button class="btn btn-primary btn-sm">Quick Search</button>
                     <button type="button" class="btn btn-success btn-sm" id="adv-filter-btn">Advanced Filter</button>
@@ -129,13 +129,13 @@
           </table>
           <ul class="pagination" id="pageSelection">
   #if ($search)
-            <li id="previous" class="first"><a href="${context}/history?page=${previous.page}&size=${previous.size}&search=true&searchterm=${search_term}"><span class="arrow">&larr;</span>Previous</a></li>
-            <li id="page1" #if($page1.selected) class="selected" #end><a href="${context}/history?page=${page1.page}&size=${page1.size}&search=true&searchterm=${search_term}">${page1.page}</a></li>
-            <li id="page2" #if($page2.selected) class="selected" #end><a href="${context}/history?page=${page2.page}&size=${page2.size}&search=true&searchterm=${search_term}">${page2.page}</a></li>
-            <li id="page3" #if($page3.selected) class="selected" #end><a href="${context}/history?page=${page3.page}&size=${page3.size}&search=true&searchterm=${search_term}">${page3.page}</a></li>
-            <li id="page4" #if($page4.selected) class="selected" #end><a href="${context}/history?page=${page4.page}&size=${page4.size}&search=true&searchterm=${search_term}">${page4.page}</a></li>
-            <li id="page5" #if($page5.selected) class="selected" #end><a href="${context}/history?page=${page5.page}&size=${page5.size}&search=true&searchterm=${search_term}">${page5.page}</a></li>
-            <li id="next"><a href="${context}/history?page=${next.page}&size=${next.size}&search=true&searchterm=${search_term}">Next<span class="arrow">&rarr;</span></a></li>
+            <li id="previous" class="first"><a href="${context}/history?page=${previous.page}&size=${previous.size}&search=true&searchterm=$esc.html(${search_term})"><span class="arrow">&larr;</span>Previous</a></li>
+            <li id="page1" #if($page1.selected) class="selected" #end><a href="${context}/history?page=${page1.page}&size=${page1.size}&search=true&searchterm=$esc.html(${search_term})">${page1.page}</a></li>
+            <li id="page2" #if($page2.selected) class="selected" #end><a href="${context}/history?page=${page2.page}&size=${page2.size}&search=true&searchterm=$esc.html(${search_term})">${page2.page}</a></li>
+            <li id="page3" #if($page3.selected) class="selected" #end><a href="${context}/history?page=${page3.page}&size=${page3.size}&search=true&searchterm=$esc.html(${search_term})">${page3.page}</a></li>
+            <li id="page4" #if($page4.selected) class="selected" #end><a href="${context}/history?page=${page4.page}&size=${page4.size}&search=true&searchterm=$esc.html(${search_term})">${page4.page}</a></li>
+            <li id="page5" #if($page5.selected) class="selected" #end><a href="${context}/history?page=${page5.page}&size=${page5.size}&search=true&searchterm=$esc.html(${search_term})">${page5.page}</a></li>
+            <li id="next"><a href="${context}/history?page=${next.page}&size=${next.size}&search=true&searchterm=$esc.html(${search_term})">Next<span class="arrow">&rarr;</span></a></li>
   #elseif($advfilter)
             <li id="previous" class="first"><a href="${context}/history?page=${previous.page}&size=${previous.size}&advfilter=true&projcontain=${projcontain}&flowcontain=${flowcontain}&usercontain=${usercontain}&status=${status}&begin=${begin}&end=${end}"><span class="arrow">&larr;</span>Previous</a></li>
             <li id="page1" #if($page1.selected) class="selected" #end><a href="${context}/history?page=${page1.page}&size=${page1.size}&advfilter=true&projcontain=${projcontain}&flowcontain=${flowcontain}&usercontain=${usercontain}&status=${status}&begin=${begin}&end=${end}">${page1.page}</a></li>
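Review bot: The `searchterm` value in these seven pagination links sits in a URL query string, where HTML escaping is the wrong encoding. `$esc.html` turns `&` into `&amp;`, the browser decodes that back to `&` when it reads the `href`, and a term containing `&`, `#`, `%` or `+` then splits or alters the query. URL-encoding fits this position and its output is also safe inside the quoted attribute, e.g. `searchterm=$esc.url(${search_term})`. The `#elseif($advfilter)` branch visible as context still writes `${projcontain}`, `${flowcontain}`, `${usercontain}`, `${status}`, `${begin}` and `${end}` into the `href` unescaped, so the same reflected-input problem remains there if those values come from the request. That branch continues outside the hunk.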
diff --git a/azkaban-webserver/src/main/resources/azkaban/webapp/servlet/velocity/index.vm b/azkaban-webserver/src/main/resources/azkaban/webapp/servlet/velocity/index.vm
index f1cf5b9..d175a6b 100644
--- a/azkaban-webserver/src/main/resources/azkaban/webapp/servlet/velocity/index.vm
+++ b/azkaban-webserver/src/main/resources/azkaban/webapp/servlet/velocity/index.vm
@@ -52,7 +52,7 @@
 #end
               <div class="form-group col-xs-9">
                 <div class="input-group">
-                  <input id="search-textbox" type="text" placeholder="Project name containing..." value=#if($search_term) ${search_term} #else "" #end class="form-control input-sm" name="searchterm">
+                  <input id="search-textbox" type="text" placeholder="Project name containing..." value=#if($search_term) "$esc.html(${search_term})" #else "" #end class="form-control input-sm" name="searchterm">
                   <span class="input-group-btn">
                     <button class="btn btn-sm btn-primary">Quick Search</button>
                   </span>

build.gradle 1(+1 -0)

diff --git a/build.gradle b/build.gradle
index 95dcd85..125fcde 100644
--- a/build.gradle
+++ b/build.gradle
@@ -189,6 +189,7 @@ project(':azkaban-webserver') {
     compile('log4j:log4j:1.2.16')
     compile('net.sf.jopt-simple:jopt-simple:4.3')
     compile('org.apache.velocity:velocity:1.7')
+    compile('org.apache.velocity:velocity-tools:2.0')
     compile('org.mortbay.jetty:jetty:6.1.26')
     compile('org.mortbay.jetty:jetty-util:6.1.26')