Opened 4 years ago
Closed 4 years ago
#1899 closed defect (fixed)
WARN [e Jetty-3847] vlet.filters.XSSRequestWrapper: URL "/stats.jsp" Stripped param "go" : "#Bandwidth"
| Reported by: | anonymous maybe | Owned by: | zzz |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.9.30 |
| Component: | apps/console | Version: | 0.9.28 |
| Keywords: | Cc: | str4d | |
| Parent Tickets: | Sensitive: | no |
Description (last modified by )
- I2P Version and Running Environment
I2P version: 0.9.28-0-1ubuntu1
Java version: Oracle Corporation 1.7.0_111 (OpenJDK Runtime Environment 1.7.0_111-b01)
Wrapper version: 3.5.25
Server version: 8.1.16.v20140903
Servlet version: Jasper JSP 2.1 Engine
JSTL version: standard-taglib 1.2.0
Platform: Linux amd64 4.4.31-11.pvops.qubes.x86_64
Jcpuid version: 3
Processor: Haswell Core i3/i5/i7 model 60 (coreihwl)
Jbigi: Locally optimized native BigInteger? library loaded from file
Jbigi version: 4
GMP version: 6.0.0
Encoding: UTF-8
Charset: UTF-8
- Router Logs
12/20/16 6:46:31 PM ↓↓↓ 1 similar message omitted ↓↓↓
12/20/16 6:46:31 PM WARN [e Jetty-3847] vlet.filters.XSSRequestWrapper: URL "/stats.jsp" Stripped param "go" : "#Bandwidth"
12/18/16 8:06:36 PM ↓↓↓ 3 similar messages omitted ↓↓↓
12/18/16 8:06:34 PM WARN [uter Console] rg.eclipse.jetty.server.Server: Couldn't initialize the InstanceManager required by Tomcat Jasper: java.lang.ClassNotFoundException: org.apache.tomcat.SimpleInstanceManager
12/18/16 8:06:34 PM WARN [Addressbook ] .naming.BlockfileNamingService: The hosts database was not closed cleanly or is still open by another process
12/18/16 8:06:34 PM ↓↓↓ 3 similar messages omitted ↓↓↓
12/18/16 8:06:32 PM WARN [uter Console] rg.eclipse.jetty.server.Server: Couldn't initialize the InstanceManager required by Tomcat Jasper: java.lang.ClassNotFoundException: org.apache.tomcat.SimpleInstanceManager
12/18/16 8:06:32 PM INFO [uter Console] rg.eclipse.jetty.server.Server: Please ignore any InstanceManager warnings
Subtickets
Change History (7)
comment:1 Changed 4 years ago by
| Component: | unspecified → apps/console |
|---|---|
| Milestone: | undecided → 0.9.29 |
| Owner: | set to zzz |
| Status: | new → accepted |
comment:2 Changed 4 years ago by
comment:3 follow-up: 4 Changed 4 years ago by
| Cc: | str4d added |
|---|---|
| Description: | modified (diff) |
| Milestone: | 0.9.29 → 0.9.30 |
Fixing this now would create more merge issues for str4d's 'refresh' in 0.9.30, or he may have already fixed it or has a better idea on how to, so deferring this until .30.
comment:4 Changed 4 years ago by
Replying to zzz:
Fixing this now would create more merge issues for str4d's 'refresh' in 0.9.30, or he may have already fixed it or has a better idea on how to, so deferring this until .30.
we r now in version 9.31 , so any clue what happened regarding this ticket ?
comment:5 follow-up: 6 Changed 4 years ago by
I don't. It's your ticket, so you should know. How about you report if it's fixed or still broken in .31?
comment:6 Changed 4 years ago by
Replying to zzz:
I don't. It's your ticket, so you should know. How about you report if it's fixed or still broken in .31?
i will set it to fix because it didnt appear again.
comment:7 Changed 4 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
That strange navigate via option box with js is from jrandom and is the only place we do that. Without full stats, which is not the default, there's not that many stats and you can just scroll down. Rather than change the parameter name to bypass the XSS filter, I'm inclined to just rip it out. If anybody knows a better way to do a nav dropdown, speak up.