[Phpmyadmin-devel] XSS safe checks
Edward Cheng
c4150221 at gmail.com
Wed Jul 2 08:26:31 CEST 2014
Hi,
From this comment:
https://github.com/phpmyadmin/phpmyadmin/commit/fb14e92d62a1d9990bfd4d779702688e873ce60f#commitcomment-6861877
I find that if I save a bookmark whose label is named
"<script>alert("XSS");</script>", it runs when I click the SQL tab.
Is it safe enough? Should we add htmlspecialchars() to functions that
include INSERT queries (e.g. PMA_Bookmark_save)?
--
Edward Cheng
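
The two options raised in the message above, side by side, as an added example that is not part of the original post and not phpMyAdmin's code: encoding the label when it is written into HTML versus encoding it before the INSERT. The functions save_bookmark(), render_unsafe() and render_safe() and the in-memory array standing in for the bookmark table are hypothetical.

```php
<?php
// Added illustration, not phpMyAdmin code. All function names are hypothetical
// and the array stands in for the bookmark table.

/** Store the label exactly as submitted (no HTML encoding at write time). */
function save_bookmark(array &$store, string $label, string $query): void
{
    $store[] = ['label' => $label, 'query' => $query];
}

/** Vulnerable rendering: the stored label is concatenated into HTML as-is. */
function render_unsafe(array $store): string
{
    $html = '';
    foreach ($store as $b) {
        $html .= '<option>' . $b['label'] . "</option>\n";
    }
    return $html;
}

/** Hardened rendering: encode for the HTML context at the point of output. */
function render_safe(array $store): string
{
    $html = '';
    foreach ($store as $b) {
        $html .= '<option>'
            . htmlspecialchars($b['label'], ENT_QUOTES, 'UTF-8')
            . "</option>\n";
    }
    return $html;
}

// Case 1: raw label in storage (the label quoted in the post).
$store = [];
save_bookmark($store, '<script>alert("XSS");</script>', 'SELECT 1');
echo render_unsafe($store); // markup reaches the page unencoded
echo render_safe($store);   // same row, shown as inert text

// Case 2: encoding before the INSERT instead (constructed sample label).
$encoded = [];
save_bookmark($encoded, htmlspecialchars('Tom & "Jerry"', ENT_QUOTES, 'UTF-8'), 'SELECT 1');
echo render_safe($encoded);                      // label is now encoded twice
echo json_encode($encoded[0]['label']), "\n";    // non-HTML consumers receive entities
// Any row written through another path still reaches render_unsafe() unencoded.
```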