From: Dave Page
Date: Fri, 5 Aug 2016 12:20:08 +0100
Subject: Re: [pgAdmin4][Patch]: RM 1527: XSS vulnerabilities
To: Khushboo Vashi
Cc: pgadmin-hackers

Thanks, applied.

On Fri, Aug 5, 2016 at 10:31 AM, Khushboo Vashi wrote:
> Hi,
>
> Please find the attached patch to fix the RM 1527: XSS vulnerabilities.
>
> Fixed items:
>
> 1. Tree Node labels while loading, adding and updating the node
> 2. Error and Success messages of Alertify dialogue
> 3. Properties dialogue: un-editable controls
> 4. SQL Editor title
>
> Please review the patch and let me know if I missed something.
>
> Thanks,
> Khushboo

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

--
Sent via pgadmin-hackers mailing list (pgadmin-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers