Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
None
Description
I don't think we really need commons-text in solr-core. I see it's for only one usage:
https://github.com/apache/solr/blob/c99af207c761ec34812ef1cc3054eb2804b7448b/solr/core/src/java/org/apache/solr/servlet/LoadAdminUiServlet.java#L83
String[] search = new String[] {"${contextPath}", "${adminPath}", "${version}"};
String[] replace =
new String[] {
StringEscapeUtils.escapeEcmaScript(request.getContextPath()),
StringEscapeUtils.escapeEcmaScript(CommonParams.CORES_HANDLER_PATH),
StringEscapeUtils.escapeEcmaScript(pack.getSpecificationVersion())
};
But contextPath & adminPath are no longer in our admin pages. "version" is. Regardless, I don't see why we need to escape EcmaScript; these variables come from internal/validated sources that will not have user provided data that could hack the pages.
Attachments
Issue Links
- is related to
-
SOLR-16464 Upgrade commons-text to 1.10.0
-
- Closed
-
- relates to
-
SOLR-4311 Admin UI - Optimize Caching Behaviour
-
- Closed
-
-
-
- Closed
-
- links to
