Prevent iFrame Injection - Githubissues

Esri / spatial-framework-for-hadoop

The Spatial Framework for Hadoop allows developers and data scientists to use the Hadoop data processing system for spatial data analysis.

Apache License 2.0

363 stars 160 forks source link

Prevent iFrame Injection #192

Closed RedYetiDev closed 4 months ago

RedYetiDev commented 4 months ago

This pull-request will prevent any/all forms of iFrame Injection within the Javadoc page.

[!NOTE] While this is a security issue, due to the low-severity of it, I do not believe it needs to be kept confidential, and it can be publicly displayed as a Github Pull-Request.

randallwhitman commented 4 months ago

Thanks @RedYetiDev - would it do as well to regenerate the JavaDoc with a newer JDK?

RedYetiDev commented 4 months ago

Yes that will also work, but I figured that if you might not want to make that change, this will also serve as a fix

randallwhitman commented 4 months ago

ideally the javadoc would to up-to-date for v2 - https://github.com/Esri/spatial-framework-for-hadoop/releases/tag/v2.0.0

RedYetiDev commented 4 months ago

Should I close this PR?

randallwhitman commented 4 months ago

No, let's not close it now - we can review whether this first or javadoc update straightway - thanks.

randallwhitman commented 4 months ago

If you like, you can review that #193 achieves this objective.

RedYetiDev commented 4 months ago

Looks good! Would you like me to close this?

randallwhitman commented 4 months ago

Yes, if the objective is covered, let's close it - thanks.