Allow editing of data where a primary key column includes a % sign in the value. Fixes #4036

Fix an XSS issue seen in View/Edit data mode if a column name includes HTML. Fixes #4367
Aditya Toshniwal
2019-06-20 12:21:37 +01:00
committed by Dave Page
parent 5c0ea0c012
commit 6e8ebbd375
10 changed files with 112 additions and 23 deletions


@@ -783,7 +783,7 @@ define('tools.querytool', [
pos: c.pos,
field: c.name,
name: c.label,
display_name: c.display_name,
display_name: _.escape(c.display_name),
column_type: c.column_type,
column_type_internal: c.column_type_internal,
not_null: c.not_null,
@@ -794,7 +794,7 @@ define('tools.querytool', [
// Get the columns width based on longer string among data type or
// column name.
var column_type = c.column_type.trim();
var label = c.name.length > column_type.length ? c.name : column_type;
var label = c.name.length > column_type.length ? _.escape(c.display_name) : column_type;
if (_.isUndefined(column_size[table_name][c.name])) {
options['width'] = SqlEditorUtils.calculateColumnWidth(label);