Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-10704

Clicking on listThreadCpuUtilization or listThreadDump under org.jboss.system.server.ServerInfo in the JMX Console produces unformatted results. Raw html is displayed

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Optional
    • Resolution: Won't Fix
    • Affects Version/s: EAP_EWP 5.2.0
    • Fix Version/s: EAP_EWP 5.3.1.GA
    • Component/s: JMX, Web
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      click on invoke button on listThreadCpuUtilization or listThreadDump under org.jboss.system.server.ServerInfo in the JMX Console

      Show
      click on invoke button on listThreadCpuUtilization or listThreadDump under org.jboss.system.server.ServerInfo in the JMX Console
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      WARNING: this workaround essentially re-opens the security issue which was present in EAP 5.1.2 and lower.
      It is NOT recommended to use this.

      1.Open in test editor displayOpResult.jsp in jmx-console.war.

      2.Edit / change below mentioned scriptlet

      <%!
      /**

      • Translate HTML tags and single and double quotes.
        */
        public String translateMetaCharacters(Object value) { if(value == null) return null; String s = String.valueOf(value); String sanitizedName = s.replace("<", "<"); sanitizedName = sanitizedName.replace(">", ">"); sanitizedName = sanitizedName.replace("\"", """); sanitizedName = sanitizedName.replace("\'", "'"); return sanitizedName; }

      %>

      To

      <%!
      /**

      • Translate HTML tags and single and double quotes.
        */
        public String translateMetaCharacters(Object value) { if(value == null) return null; String s = String.valueOf(value); String sanitizedName = s.replace("\"", """); sanitizedName = sanitizedName.replace("\'", "'"); return sanitizedName; }

      %>

      3.save the changes in displayOpResult.jsp and restart / bounce your jboss server instance.

      Show
      WARNING: this workaround essentially re-opens the security issue which was present in EAP 5.1.2 and lower. It is NOT recommended to use this. 1.Open in test editor displayOpResult.jsp in jmx-console.war. 2.Edit / change below mentioned scriptlet <%! /** Translate HTML tags and single and double quotes. */ public String translateMetaCharacters(Object value) { if(value == null) return null; String s = String.valueOf(value); String sanitizedName = s.replace("<", "<"); sanitizedName = sanitizedName.replace(">", ">"); sanitizedName = sanitizedName.replace("\"", """); sanitizedName = sanitizedName.replace("\'", "'"); return sanitizedName; } %> To <%! /** Translate HTML tags and single and double quotes. */ public String translateMetaCharacters(Object value) { if(value == null) return null; String s = String.valueOf(value); String sanitizedName = s.replace("\"", """); sanitizedName = sanitizedName.replace("\'", "'"); return sanitizedName; } %> 3.save the changes in displayOpResult.jsp and restart / bounce your jboss server instance.
    • Estimated Difficulty:
      Medium
    • Docs QE Status:
      NEW

      Description

      Clicking on listThreadCpuUtilization or listThreadDump under org.jboss.system.server.ServerInfo in the JMX Console produces unformatted results. Raw html is displayed

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                tfonteyn Tom Fonteyne
                Reporter:
                avijra abhishek vijra
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: