pgadmin-org
/
pgadmin4
mirror of https://github.com/pgadmin-org/pgadmin4.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed an XSS vulnerability issue in the Query Tool and View/Edit Data (CVE-2025-2946). #8602

pull/8616/head
Akshay Joshi 2025-03-31 11:30:26 +05:30
parent 6a850fff10
commit 1305d9910b
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/en_US/release_notes_9_2.rst
View File

@ -49,3 +49,4 @@ Bug fixes
| `Issue #8546 <https://github.com/pgadmin-org/pgadmin4/issues/8546>`_ - Fixed an issue where updating the grantee was not correctly applying the privileges.
| `Issue #8577 <https://github.com/pgadmin-org/pgadmin4/issues/8577>`_ - Fixed an issue where the upgrade_check API returned an unexpected keyword argument 'cafile' due to changes in the urllib package supporting Python v3.13.
| `Issue #8597 <https://github.com/pgadmin-org/pgadmin4/issues/8597>`_ - Fixed an issue where delete/rename was done on wrong file after sorting in Storage Manager.
| `Issue #8602 <https://github.com/pgadmin-org/pgadmin4/issues/8602>`_ - Fixed an XSS vulnerability issue in the Query Tool and View/Edit Data (CVE-2025-2946).

2
web/pgadmin/static/js/utils.js
View File

@ -602,7 +602,7 @@ export function measureText(text, font) {
measureText.ele.style.cssText = `position: absolute; visibility: hidden; white-space: nowrap; font: ${font}`;
document.body.appendChild(measureText.ele);
}
measureText.ele.innerHTML = text;
measureText.ele.textContent = text;
const dim = measureText.ele.getBoundingClientRect();
return {width: dim.width, height: dim.height};
}