Skip to content

JS injection in column names #794

Closed
Closed
@benrr101

Description

Using a column defined as [<script type='text/javascript'>alert('qqq')</script>], the column header when selecting * for the table will be blank. This implies that the column header is being interpreted as javascript, thus this is a javascript injection bug.

Fortunately, there's not a large impact for this bug since 1) column names that are js script tags are highly unlikely, and likely only going to cause a js injection on yourself, and 2) the webview prevents requests to outside its origin (ie, localhost).

Nevertheless this is a issue that should be fixed like we fixed it in the cells.

Activity

self-assigned this
on Mar 27, 2017
benrr101

benrr101 commented on Mar 27, 2017

@benrr101
ContributorAuthor

Fixed in #795

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

    JS injection in column names · Issue #794 · microsoft/vscode-mssql