Bug 902812

Summary: Output of JNDI View MBean, invoked through jmx-console has bad html markup
Product: [JBoss] JBoss Enterprise SOA Platform 5 Reporter: Jiri Sedlacek <jsedlace>
Component: Monitoring and ManagementAssignee: Nobody <nobody>
Status: NEW --- QA Contact: Matej Melko <mmelko>
Severity: high Docs Contact:
Priority: unspecified    
Version: 5.3.1CC: ldimaggi, oskutka, soa-p-jira
Target Milestone: ER5   
Target Release: 5.3.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The output of JNDI View MBean, invoked through jmx-console, renders incorrectly. This is because, in the HTML source code, HTMNL tags are encoded with &lt; and &gt;, so they do not displayed properly in browsers.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jiri Sedlacek 2013-01-22 13:09:18 UTC 
Description of problem:

The output of JNDI View MBean, invoked through jmx-console looks like the example below:

<h1> Other components with java:comp namespace</h1>
<h2>java:comp namespace of the component jboss.j2ee:jar=jaxws-jbws944.jar,name=FooBean01,service=EJB3 :</h2>
<pre>
  +- EJBContext[link -> java:internal/EJBContext] (class: javax.naming.LinkRef)
  +- TransactionSynchronizationRegistry[link -> java:TransactionSynchronizationRegistry] (class: javax.naming.LinkRef)
  +- UserTransaction (class: org.jboss.ejb3.tx.UserTransactionImpl)
  +- env (class: org.jnp.interfaces.NamingContext)
  +- ORB[link -> java:/JBossCorbaORB] (class: javax.naming.LinkRef)
</pre>
<h1>java: Namespace</h1>
<pre>
  +- BPELDB (class: org.jboss.resource.adapter.jdbc.WrapperDataSource)
  +- securityManagement (class: org.jboss.security.integration.JNDIBasedSecurityManagement)
  +- comp (class: javax.namingMain.Context)
  +- JBossESBDS (class: org.jboss.resource.adapter.jdbc.WrapperDataSource)
  +- XAConnectionFactory (class: org.hornetq.jms.client.HornetQXAConnectionFactory)


In the html source code, html tags are encoded with &lt; and &gt;, so these are not displayed properly in browsers.
Comment 1 Len DiMaggio 2013-01-22 14:39:48 UTC 
This is an EAP bug - in EAP 5.2.0.ER6
Comment 2 Len DiMaggio 2013-01-22 15:55:27 UTC 
It's not a bug in EAP 5.1.2
Comment 4 JBoss JIRA Server 2013-03-20 21:14:42 UTC 
Chris Sams <csams> made a comment on jira JBPAPP-10598

It looks like this also is an issue elsewhere in jmx-console:

jboss.messaging.destination topic has an mbean operation named:  listAllSubscriptionsAsHTML with the same behavior.
Comment 5 JBoss JIRA Server 2013-07-03 16:10:56 UTC 
Tom Fonteyne <tfonteyn> made a comment on jira JBPAPP-10598

It was introduced due to added security for preventing cross-site scripting.
I'm currently looking at it, but not sure yet if/what can be done.

Slightly related is: https://issues.jboss.org/browse/JBPAPP-10803