| From: | Ashesh Vashi <ashesh(dot)vashi(at)enterprisedb(dot)com> |
|---|---|
| To: | Andrei Antonov <antonov(at)imp-m(dot)ru> |
| Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | Re: security bug (with patch-fix) -- need more HTML-escaping for working with tree-nodes |
| Date: | 2017-05-10 07:56:51 |
| Message-ID: | CAG7mmoygGeXaeV9WT3cBtLKf_4qsdFBvivUZyp1pbkxmh3mUkw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
Thanks.
Committed!
--
Thanks & Regards,
Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
<http://www.enterprisedb.com>
*http://www.linkedin.com/in/asheshvashi*
<http://www.linkedin.com/in/asheshvashi>
2017-05-10 1:06 GMT+05:30 Andrei Antonov <antonov(at)imp-m(dot)ru>:
> good day!
>
> i fixed tiny errors (html-escaping) , but it has security effects.
>
> see file "0001-escape-label-of-node-of-tree-when-events-add-remove-.patch"
> [ https://github.com/postgres-impulsm/pgadmin4/commit/f993513d
> 148fc6dd7e0196261f847e668d5e2c6c ]
>
>
>
>
> --
> Андрей Антонов,
> инженер-программист Отдела информационных технологий и программирования,
> компания «Импульс М»
>
> --
> Sent via pgadmin-hackers mailing list (pgadmin-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgadmin-hackers
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2017-05-10 07:59:05 | Re: security bug (with patch-fix) -- need more HTML-escaping for working with tree-nodes |
| Previous Message | Ashesh Vashi | 2017-05-10 07:56:39 | pgAdmin 4 commit: HTML escape the label, when setting the collection no |