Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';*

From: Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com>
To: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';*
Date: 2020-08-05 08:09:03
Message-ID: CAMa=N=OvqpwM8XgVb58NFnoQZr6XuVDfe+SL-=yfO6D=DMbLfw@mail.gmail.com
Lists: pgadmin-hackers

Hello,

Please find the patch which fixes 2 issues reported in Bug #4387
<https://redmine.postgresql.org/issues/4387>:
1. Incorrect column name when the column name is like *'SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>;*''
2. Unable to enter data when the above column is the primary key.

Thanks,
Yogesh Mahajan
QA - Team
EnterpriseDB Corporation

Phone: +91-9741705709

Attachment Content-Type Size
RM4387_v1.patch application/x-patch 3.6 KB
