Re: [Phpmyadmin-devel] XSS safe checks

2 Jul 2014


      On Wed, Jul 2, 2014 at 11:56 AM, Edward Cheng c4150221@gmail.com wrote:
...
Hi,
...
From this comment:
https://github.com/phpmyadmin/phpmyadmin/commit/fb14e92d62a1d9990bfd4d779702...
I find I save a bookmark which label named
"<script>alert("XSS");</script>", it runs while I click SQL tab.
Is it safe enough? Should we add htmlspecialchars() to INSERT query
included functions(e.g. PMA_Bookmark_save)?
Hi,
Please have a look at here also:
https://github.com/phpmyadmin/phpmyadmin/commit/fb14e92d62a1d9990bfd4d779702...
...
--
Edward Cheng
-- 
Regards,
Chirayu Chiripal
phpMyAdmin Intern - Google Summer of Code 2014
https://chirayuchiripal.wordpress.com/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: [Phpmyadmin-devel] XSS safe checks