It looks like XSS attacks against phpMyAdmin will be there forever. There is floating another in the air (if SourceForge would have working CVS, it would be already released). Maybe it's time to make complete rewrite of phpMyAdmin codebase? But that's too long term project and nobody seems to be interested in that. Maybe some security audit would help resolving at least most painful issues, but this is again same problem. Any volunteer to do this hard work?