[Phpmyadmin-devel] XSS safe checks
michal at cihar.com
Wed Jul 2 10:36:55 CEST 2014
On Wed, 2 Jul 2014 12:35:15 +0530,
Chirayu Chiripal <chirayu.chiripal at gmail.com> wrote:
> I cannot reproduce this on master before your patch. So, it seems
> PMA_Bookmark_save is safe enough and htmlspecialchars is not required there.
I think it makes no sense to escape HTML when saving to database, this
should be done at display time whenever displaying data which user can
control (e.g. table/database name, bookmark, SQL query, ...).
Michal Čihař | http://cihar.com | http://blog.cihar.com
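The point about escaping at display time rather than at save time, as an added example (not phpMyAdmin's own code): an in-memory SQLite table stands in for the bookmark storage, and the label, query and `renderHtml()` helper are constructed for the illustration.

```php
<?php
declare(strict_types=1);
// Added example, not phpMyAdmin code: store user-controlled bookmark data
// raw and apply htmlspecialchars() only where it is emitted into HTML.
// PDO + SQLite in memory is a constructed stand-in for the bookmark table.

function renderHtml(string $value): string
{
    // The single place HTML rules apply: the point of HTML output.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bookmark (label TEXT NOT NULL, query TEXT NOT NULL)');

// Constructed sample: a user-chosen label carrying markup, and a query
// containing characters (<, ') that an HTML escaper would rewrite.
$label = 'Users <script>alert(1)</script>';
$query = "SELECT name FROM users WHERE age < 30 AND name <> 'Bob'";

// Save raw. The prepared statement handles SQL quoting; HTML is not involved.
$ins = $pdo->prepare('INSERT INTO bookmark (label, query) VALUES (?, ?)');
$ins->execute([$label, $query]);

$row = $pdo->query('SELECT label, query FROM bookmark')->fetch(PDO::FETCH_ASSOC);

// Display: escape at output time, so the <script> tag is rendered inert.
echo '<li>' . renderHtml($row['label']) . '</li>', PHP_EOL;
echo '<textarea>' . renderHtml($row['query']) . '</textarea>', PHP_EOL;

// Re-execution: the stored query is still exactly the SQL the user wrote.
assert($row['query'] === $query);

// What escaping on save would have done: '<' becomes '&lt;' and "'" becomes
// '&#039;', so the bookmark no longer holds runnable SQL, and escaping it
// again at display time double-encodes to '&amp;lt;'.
$escapedOnSave = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
assert(str_contains($escapedOnSave, '&lt;') && str_contains($escapedOnSave, '&#039;'));
assert(str_contains(renderHtml($escapedOnSave), '&amp;lt;'));
```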