[ https://issues.apache.org/jira/browse/SOLR-15678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460857#comment-17460857 ]

Aaron LaBella commented on SOLR-15678:
--------------------------------------

This change broke the Solr admin Files section, namely because:
 # The MimeTypes.getKnownContentTypes() method doesn't include text/xml, and the files.js Angular controller uses that content type
 # The files.js JS controller also passes ;charset=utf-8, which the new method wasn't properly supporting

Attached is a PATCH that resolves the issue. Please apply as soon as possible. [^0001-account-for-missing-text-xml-content-type.patch]

> Disallow html content-type in ShowFileRequestHandler
> ----------------------------------------------------
>
>                 Key: SOLR-15678
>                 URL: https://issues.apache.org/jira/browse/SOLR-15678
>             Project: Solr
>          Issue Type: Task
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>             Fix For: 8.11
>
>         Attachments: 0001-account-for-missing-text-xml-content-type.patch
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> ShowFileRequestHandler will return a file from a configSet, and is used in 
> the Admin UI. It returns the file using its proper content type, so browsers 
> will render JSON, XML and plain text correctly. However, for html files 
> (although unlikely in a configset) it is better to render as plain-text in a 
> browser. Both to avoid XSS and since users would want to see the html code, 
> not a rendered page.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
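
The two failures described in the comment above (a missing text/xml entry and an unhandled ;charset=utf-8 parameter) are both allowlist-matching problems. As an added example, not the attached patch and not Solr's own code, here is one way to write such a check in Java; the class name, the allowlist contents and the `resolve` helper are hypothetical.

```java
import java.util.Locale;
import java.util.Set;

public class ContentTypeAllowlist {
  // Constructed allowlist for illustration; not Solr's actual list.
  private static final Set<String> ALLOWED = Set.of(
      "text/plain", "text/xml", "application/xml", "application/json", "text/csv");

  // Anything not on the allowlist (text/html included) is served as source text.
  private static final String FALLBACK = "text/plain";

  /** Maps a client-requested content type to the one the response will carry. */
  static String resolve(String requested) {
    if (requested == null || requested.isBlank()) {
      return FALLBACK;
    }
    // Match on the media type only: drop parameters such as ";charset=utf-8"
    // and normalise case and whitespace before the lookup.
    int semi = requested.indexOf(';');
    String base = (semi >= 0 ? requested.substring(0, semi) : requested)
        .trim()
        .toLowerCase(Locale.ROOT);
    if (!ALLOWED.contains(base)) {
      return FALLBACK;
    }
    // Emit a fixed charset rather than echoing caller-supplied parameters
    // back into a response header.
    return base + ";charset=utf-8";
  }

  public static void main(String[] args) {
    // Constructed sample inputs.
    String[] samples = {
      "text/xml;charset=utf-8",    // what the comment says files.js sends
      "text/xml",
      "TEXT/HTML; charset=utf-8",  // must not be rendered as a page
      "application/json",
      "image/svg+xml",
      null
    };
    for (String s : samples) {
      System.out.println(s + " -> " + resolve(s));
    }
  }
}
```

With these inputs, both text/xml forms resolve to text/xml;charset=utf-8, while the HTML, SVG and null requests fall back to text/plain.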
