Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-10704

Clicking on listThreadCpuUtilization or listThreadDump under org.jboss.system.server.ServerInfo in the JMX Console produces unformatted results. Raw html is displayed

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Optional
    • Resolution: Won't Do
    • EAP_EWP 5.2.0
    • EAP_EWP 5.3.1.GA
    • JMX, Web
    • None
    • Hide

      click on invoke button on listThreadCpuUtilization or listThreadDump under org.jboss.system.server.ServerInfo in the JMX Console

      Show
      click on invoke button on listThreadCpuUtilization or listThreadDump under org.jboss.system.server.ServerInfo in the JMX Console
    • Workaround Exists
    • Hide

      WARNING: this workaround essentially re-opens the security issue which was present in EAP 5.1.2 and lower.
      It is NOT recommended to use this.

      1.Open in test editor displayOpResult.jsp in jmx-console.war.

      2.Edit / change below mentioned scriptlet

      <%!
      /**

      • Translate HTML tags and single and double quotes.
        */
        public String translateMetaCharacters(Object value)
        {
        if(value == null)
        return null;

      String s = String.valueOf(value);
      String sanitizedName = s.replace("<", "<");
      sanitizedName = sanitizedName.replace(">", ">");
      sanitizedName = sanitizedName.replace("\"", """);
      sanitizedName = sanitizedName.replace("\'", "'");
      return sanitizedName;
      }

      %>

      To

      <%!
      /**

      • Translate HTML tags and single and double quotes.
        */
        public String translateMetaCharacters(Object value)
        {
        if(value == null)
        return null;

      String s = String.valueOf(value);
      String sanitizedName = s.replace("\"", """);
      sanitizedName = sanitizedName.replace("\'", "'");

      return sanitizedName;
      }

      %>

      3.save the changes in displayOpResult.jsp and restart / bounce your jboss server instance.

      Show
      WARNING: this workaround essentially re-opens the security issue which was present in EAP 5.1.2 and lower. It is NOT recommended to use this. 1.Open in test editor displayOpResult.jsp in jmx-console.war. 2.Edit / change below mentioned scriptlet <%! /** Translate HTML tags and single and double quotes. */ public String translateMetaCharacters(Object value) { if(value == null) return null; String s = String.valueOf(value); String sanitizedName = s.replace("<", "<"); sanitizedName = sanitizedName.replace(">", ">"); sanitizedName = sanitizedName.replace("\"", """); sanitizedName = sanitizedName.replace("\'", "'"); return sanitizedName; } %> To <%! /** Translate HTML tags and single and double quotes. */ public String translateMetaCharacters(Object value) { if(value == null) return null; String s = String.valueOf(value); String sanitizedName = s.replace("\"", """); sanitizedName = sanitizedName.replace("\'", "'"); return sanitizedName; } %> 3.save the changes in displayOpResult.jsp and restart / bounce your jboss server instance.
    • Medium
    • NEW

    Description

      Clicking on listThreadCpuUtilization or listThreadDump under org.jboss.system.server.ServerInfo in the JMX Console produces unformatted results. Raw html is displayed

      Attachments

        Activity

          People

            tfonteyn Tom Fonteyne (Inactive)
            avijra_jira abhishek vijra (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: