security bug (with patch-fix) -- need more HTML-escaping for working with tree-nodes

From: Andrei Antonov <antonov(at)imp-m(dot)ru>
To: pgadmin-hackers(at)postgresql(dot)org
Subject: security bug (with patch-fix) -- need more HTML-escaping for working with tree-nodes
Date: 2017-05-09 19:36:48
Message-ID: b6c79719012594bfe674b809337298b1@imp-m.ru
Lists: pgadmin-hackers

Good day!

I fixed tiny errors (HTML-escaping), but it has security effects.

See file "0001-escape-label-of-node-of-tree-when-events-add-remove-.patch" [https://github.com/postgres-impulsm/pgadmin4/commit/f993513d148fc6dd7e0196261f847e668d5e2c6c]

--
Andrei Antonov,
software engineer, Department of Information Technology and Programming,
«Импульс М» company

Attachment Content-Type Size
0001-escape-label-of-node-of-tree-when-events-add-remove-.patch text/x-diff 1.7 KB
