Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 0.8.0, 0.8.1
- None
Description
Problem Statement: Deleting a Notebook is vulnerable to XSS attack
Issue reproducing:
1) Create a notebook
2) Give the permission to the notebook as: <script>alert('hi')</script> (press space after writing this, not the Enter key)
3) After this, try to delete the notebook; the BootstrapDialog that pops up stating insufficient privileges is vulnerable to XSS attack
In this part of the code we should sanitize the input given to BootstrapDialog with _.escape
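The fix suggested in the description, as an added example that is not Zeppelin's own code: the dialog's title and message are escaped in one wrapper before they reach the dialog library. Assumptions: `escapeHtml` is a dependency-free stand-in for lodash's `_.escape`, `escapeDialogOptions` and `showEscapedDialog` are hypothetical helper names, the dialog object is a recording fake, and the message wording is constructed.

```javascript
'use strict';

// Stand-in for lodash's _.escape so the block runs without dependencies:
// it replaces the same five characters (& < > " ').
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical helper: escape the two fields the dialog renders as HTML,
// leaving every other option untouched and the caller's object unmodified.
function escapeDialogOptions(options) {
  const safe = Object.assign({}, options);
  for (const field of ['title', 'message']) {
    if (safe[field] !== undefined && safe[field] !== null) {
      safe[field] = escapeHtml(safe[field]);
    }
  }
  return safe;
}

// Hypothetical wrapper: call sites go through here instead of calling
// dialog.show() directly, so no caller can forget the escaping step.
function showEscapedDialog(dialog, options) {
  const safe = escapeDialogOptions(options);
  dialog.show(safe);
  return safe;
}

// Constructed sample: the permission entry from the reproduction steps.
const permissionEntry = "<script>alert('hi')</script>";
const rendered = [];
const fakeDialog = { show: (opts) => rendered.push(opts) }; // records instead of rendering

const original = {
  title: 'Insufficient privileges',
  message: 'Allowed owners: ' + permissionEntry, // constructed wording
};
const shown = showEscapedDialog(fakeDialog, original);
console.log(shown.message);
```

With the escaping in place the permission entry is displayed as literal text in the dialog instead of being parsed as markup.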
Attachments
Issue Links
- duplicates
- ZEPPELIN-4333 Escape popup dialog title and message
- Closed
- links to