impala/www/error.tmpl
Henry Robinson b5623d2d80 CDH-22184: Make sure web error messages are escaped for HTML
This patch moves error handling for the webserver to its own template,
which means it gets to take advantage of the escaping features that
templates have. The benefit is that if an error message includes
user-created content (which may be maliciously crafted), the webserver
escapes it and so it's unlikely to be executed by the client.

There are still ways to get unescaped HTML content, specifically by
requesting the JSON or 'raw' versions of a page. These pages are
returned with content-type 'text/plain', however, which means that
clients should not attempt to execute any scripts they contain.

Change-Id: I7d2e2f10748c6f27e110d7366ec1a8b54a44bc21
Reviewed-on: http://gerrit.sjc.cloudera.com:8080/4775
Reviewed-by: Henry Robinson <henry@cloudera.com>
Tested-by: jenkins
(cherry picked from commit 9da3c6dd5bc2c0702f192d697f748e0b44a83f21)
Reviewed-on: http://gerrit.sjc.cloudera.com:8080/5124
2014-11-05 12:13:50 -08:00

20 lines
700 B
Cheetah

<!--
Copyright 2012- Cloudera Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
{{ Placeholder template for error messages (which are handled by the header) }}
{{> www/common-header.tmpl }}
{{> www/common-footer.tmpl}}
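
The behaviour the commit message describes, sketched as an added example that is not part of the commit or of Impala's code: a Mustache-style `{{name}}` tag HTML-escapes a user-influenced error message, while the raw view returns it unescaped as `text/plain`. The function names, the `Response` struct and the one-line template are hypothetical.

```cpp
// Added illustration, not Impala's code: all names here are hypothetical.
#include <map>
#include <string>
// Escape the characters that are significant in HTML text and attribute values.
std::string EscapeHtml(const std::string& in) {
  std::string out;
  for (char c : in) {
    switch (c) {
      case '&': out += "&amp;"; break;
      case '<': out += "&lt;"; break;
      case '>': out += "&gt;"; break;
      case '"': out += "&quot;"; break;
      case '\'': out += "&#39;"; break;
      default: out += c;
    }
  }
  return out;
}

// Mustache-style variable tags only: {{name}} is escaped, {{{name}}} is verbatim.
// Sections, partials and comments are out of scope; unknown keys render as empty.
std::string RenderTemplate(const std::string& tmpl,
                           const std::map<std::string, std::string>& ctx) {
  std::string out;
  std::size_t pos = 0, open;
  while ((open = tmpl.find("{{", pos)) != std::string::npos) {
    const bool raw = tmpl.compare(open, 3, "{{{") == 0;
    const std::string closer = raw ? "}}}" : "}}";
    const std::size_t start = open + closer.size();
    const std::size_t close = tmpl.find(closer, start);
    if (close == std::string::npos) break;  // unterminated tag stays literal text
    out.append(tmpl, pos, open - pos);
    std::string key = tmpl.substr(start, close - start);
    const std::size_t b = key.find_first_not_of(' '), e = key.find_last_not_of(' ');
    key = (b == std::string::npos) ? "" : key.substr(b, e - b + 1);
    const auto it = ctx.find(key);
    if (it != ctx.end()) out += raw ? it->second : EscapeHtml(it->second);
    pos = close + closer.size();
  }
  return out.append(tmpl, pos, std::string::npos);
}

struct Response { std::string content_type, body; };
// HTML view: message goes through the template. Raw view: unescaped, text/plain.
Response RenderError(const std::string& error, bool raw_requested) {
  if (raw_requested) return {"text/plain", error};
  const std::string tmpl = "<div class=\"alert\">{{error}}</div>";  // constructed
  return {"text/html", RenderTemplate(tmpl, {{"error", error}})};
}
```

Sending `X-Content-Type-Options: nosniff` with the `text/plain` responses keeps browsers from content-sniffing them as HTML.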