uses Go templating a number of places to generate HTML but does not escape the parameters to the template. Vitess could be exposed to front-end attacks such as cross-site scripting, if an attacker manages o/vt/topo/topoproto/shard.go#L54 func SourceShardAsHTML(source *topodatapb.Shard_SourceShard) template.HTML { result := fmt.Sprintf("Uid: %v
\nSource: %v/%v
\n", source.Uid, source result += fmt.Sprintf("Tables: %v
\n", strings.Join(source.Tables, " ")) } return template.HTML(result) } https://github.com/vitessio/vitess/blob/bd78c08ced8f6a3e55279d308a5a8402fd6780bc/g

to talk to the mysqlctl server (default “grpc”) 90 Name Type Definition mysqlctl_mycnf_template string template file to use for generating the my.cnf file during server init mysqlctl_socket string socket string the protocol to use to talk to the mysqlctl server (default “grpc”) -mysqlctl_mycnf_template string template file to use for generating the my.cnf file during server init -mysqlctl_socket string socket (default “grpc”) -tablet_protocol string how to talk to the vttablets (default “grpc”) -tablet_url_template string format string describing debug tablet url formatting. See the Go code for getTabletDebugURL()

master branch. Every pull request should meet the following requirements: • Use the Pull Request Template • Adhere to the Go coding guidelines and watch out for these common errors. • Contain a description Naming Convention hence we’d like to come up with guidelines and once agreed by maintainers provide a Template that will help streamline the above areas. For Issue Templates please refer to this section. #### string the protocol to use to talk to the mysqlctl server (default “grpc”) mysqlctl_mycnf_template string template file to use for generating the my.cnf file during server init mysqlctl_socket string socket

main branch. Every pull request should meet the following requirements: • Use the Pull Request Template • Adhere to the Go coding guidelines and watch out for these common errors. • Contain a description Convention and Labels hence we’d like to come up with guidelines and once agreed by maintainers provide a Template that will help streamline the above areas. For Issue Templates please refer to this section. Solution string the protocol to use to talk to the mysqlctl server (default “grpc”) mysqlctl_mycnf_template string template file to use for generating the my.cnf file during server init mysqlctl_socket string socket

master branch. Every pull request should meet the following requirements: • Use the Pull Request Template • Adhere to the Go coding guidelines and watch out for these common errors. • Contain a description Naming Convention hence we’d like to come up with guidelines and once agreed by maintainers provide a Template that will help streamline the above areas. For Issue Templates please refer to this section. Solution string the protocol to use to talk to the mysqlctl server (default “grpc”) mysqlctl_mycnf_template string template file to use for generating the my.cnf file during server init mysqlctl_socket string socket

string the protocol to use to talk to the mysqlctl server (default “grpc”) mysqlctl_mycnf_template string template file to use for generating the my.cnf file during server init mysqlctl_socket string socket string the protocol to use to talk to the mysqlctl server (default “grpc”) -mysqlctl_mycnf_template string template file to use for generating the my.cnf file during server init -mysqlctl_socket string socket (default “grpc”) -tablet_protocol string how to talk to the vttablets (default “grpc”) -tablet_url_template string format string describing debug tablet url formatting. See the Go code for getTabletDebugURL()

main branch. Every pull request should meet the following requirements: • Use the Pull Request Template • Adhere to the Go coding guidelines and watch out for these common errors. • Contain a description Convention and Labels hence we’d like to come up with guidelines and once agreed by maintainers provide a Template that will help streamline the above areas. For Issue Templates please refer to this section. Solution string the protocol to use to talk to the mysqlctl server (default “grpc”) mysqlctl_mycnf_template string template file to use for generating the my.cnf file during server init mysqlctl_socket string socket