Opened 2 years ago
Closed 17 months ago
#1899 closed defect (fixed)
WARN [e Jetty-3847] vlet.filters.XSSRequestWrapper: URL "/stats.jsp" Stripped param "go" : "#Bandwidth"
| Reported by: | anonymous maybe | Owned by: | zzz |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.9.30 |
| Component: | apps/console | Version: | 0.9.28 |
| Keywords: | Cc: | str4d | |
| Parent Tickets: |
Description (last modified by zzz)
- I2P Version and Running Environment
I2P version: 0.9.28-0-1ubuntu1
Java version: Oracle Corporation 1.7.0_111 (OpenJDK Runtime Environment 1.7.0_111-b01)
Wrapper version: 3.5.25
Server version: 8.1.16.v20140903
Servlet version: Jasper JSP 2.1 Engine
JSTL version: standard-taglib 1.2.0
Platform: Linux amd64 4.4.31-11.pvops.qubes.x86_64
Jcpuid version: 3
Processor: Haswell Core i3/i5/i7 model 60 (coreihwl)
Jbigi: Locally optimized native BigInteger? library loaded from file
Jbigi version: 4
GMP version: 6.0.0
Encoding: UTF-8
Charset: UTF-8
- Router Logs
12/20/16 6:46:31 PM ↓↓↓ 1 similar message omitted ↓↓↓
12/20/16 6:46:31 PM WARN [e Jetty-3847] vlet.filters.XSSRequestWrapper: URL "/stats.jsp" Stripped param "go" : "#Bandwidth"
12/18/16 8:06:36 PM ↓↓↓ 3 similar messages omitted ↓↓↓
12/18/16 8:06:34 PM WARN [uter Console] rg.eclipse.jetty.server.Server: Couldn't initialize the InstanceManager required by Tomcat Jasper: java.lang.ClassNotFoundException: org.apache.tomcat.SimpleInstanceManager
12/18/16 8:06:34 PM WARN [Addressbook ] .naming.BlockfileNamingService: The hosts database was not closed cleanly or is still open by another process
12/18/16 8:06:34 PM ↓↓↓ 3 similar messages omitted ↓↓↓
12/18/16 8:06:32 PM WARN [uter Console] rg.eclipse.jetty.server.Server: Couldn't initialize the InstanceManager required by Tomcat Jasper: java.lang.ClassNotFoundException: org.apache.tomcat.SimpleInstanceManager
12/18/16 8:06:32 PM INFO [uter Console] rg.eclipse.jetty.server.Server: Please ignore any InstanceManager warnings
Subtickets
Change History (7)
comment:1 Changed 2 years ago by zzz
- Component changed from unspecified to apps/console
- Milestone changed from undecided to 0.9.29
- Owner set to zzz
- Status changed from new to accepted
comment:2 Changed 2 years ago by zzz
comment:3 follow-up: ↓ 4 Changed 2 years ago by zzz
- Cc str4d added
- Description modified (diff)
- Milestone changed from 0.9.29 to 0.9.30
Fixing this now would create more merge issues for str4d's 'refresh' in 0.9.30, or he may have already fixed it or has a better idea on how to, so deferring this until .30.
comment:4 in reply to: ↑ 3 Changed 18 months ago by anonymous maybe
Replying to zzz:
Fixing this now would create more merge issues for str4d's 'refresh' in 0.9.30, or he may have already fixed it or has a better idea on how to, so deferring this until .30.
we r now in version 9.31 , so any clue what happened regarding this ticket ?
comment:5 follow-up: ↓ 6 Changed 18 months ago by zzz
I don't. It's your ticket, so you should know. How about you report if it's fixed or still broken in .31?
comment:6 in reply to: ↑ 5 Changed 17 months ago by anonymous maybe
Replying to zzz:
I don't. It's your ticket, so you should know. How about you report if it's fixed or still broken in .31?
i will set it to fix because it didnt appear again.
comment:7 Changed 17 months ago by anonymous maybe
- Resolution set to fixed
- Status changed from accepted to closed
That strange navigate via option box with js is from jrandom and is the only place we do that. Without full stats, which is not the default, there's not that many stats and you can just scroll down. Rather than change the parameter name to bypass the XSS filter, I'm inclined to just rip it out. If anybody knows a better way to do a nav dropdown, speak up.