[Phpmyadmin-devel] XSS safe checks

Chirayu Chiripal chirayu.chiripal at gmail.com
Wed Jul 2 08:59:49 CEST 2014


On Wed, Jul 2, 2014 at 11:56 AM, Edward Cheng <c4150221 at gmail.com> wrote:

> Hi,
> From this comment:
>
> https://github.com/phpmyadmin/phpmyadmin/commit/fb14e92d62a1d9990bfd4d779702688e873ce60f#commitcomment-6861877
> I find that when I save a bookmark with a label named
> "<script>alert("XSS");</script>", it runs when I click the SQL tab.
> Is it safe enough? Should we add htmlspecialchars() to the functions
> that include INSERT queries (e.g. PMA_Bookmark_save)?
>

Hi,
Please have a look here also:
https://github.com/phpmyadmin/phpmyadmin/commit/fb14e92d62a1d9990bfd4d779702688e873ce60f#commitcomment-6861899



> --
> Edward Cheng
>
>
-- 
Regards,
Chirayu Chiripal
phpMyAdmin Intern - Google Summer of Code 2014
https://chirayuchiripal.wordpress.com/