Re: Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';*

From: Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com>
To: Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: Bug #4387 - User can not insert any value on view data if table and column name contains *SELECT '<<SCRIPT>alert("XSS ");//<</SCRIPT>';*
Date: 2020-08-06 07:13:05
Message-ID: CANxoLDec1bkUHJcep-650Z9snhdfuHoexkQJsuzAMJ0xk=CJRw@mail.gmail.com
Lists: pgadmin-hackers

Thanks, patch applied.

On Wed, Aug 5, 2020 at 1:39 PM Yogesh Mahajan <yogesh(dot)mahajan(at)enterprisedb(dot)com> wrote:

> Hello,
>
> Please find the patch which fixes 2 issues reported in Bug #4387
> <https://redmine.postgresql.org/issues/4387>:
>
> 1. Incorrect column name when the column name is like *'SELECT
> '<<SCRIPT>alert("XSS ");//<</SCRIPT>;*''
> 2. Unable to enter data when the above column is the primary key.
>
> Thanks,
> Yogesh Mahajan
> QA - Team
> EnterpriseDB Corporation
>
> Phone: +91-9741705709
>

--
*Thanks & Regards*
*Akshay Joshi*
*pgAdmin Hacker | Sr. Software Architect*
*EDB Postgres <http://edbpostgres.com>*

*Mobile: +91 976-788-8246*
