projects / project / luci.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 396f404)
luci-mod-system: fix potential stored XSS
authorJo-Philipp Wich <[email protected]>
Fri, 13 Jan 2023 19:52:17 +0000 (20:52 +0100)
committerJo-Philipp Wich <[email protected]>
Fri, 13 Jan 2023 20:18:33 +0000 (21:18 +0100)
Make sure to escape the key contents in the delete confirmation dialog.

Signed-off-by: Jo-Philipp Wich <[email protected]>
(cherry picked from commit 0186d7eae0e123a409e9919a83fdfecc7945c984)

modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js patch | blob | history

diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
index 8b12b2311e4591cd5706ae951b1d629c1a04ea99..9aacdb96bbe34aee9d5f5a95e1093dddd2156ac9 100644 (file)
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
@@ -198,7 +198,7 @@ function removeKey(ev) {
 
        L.showModal(_('Delete key'), [
                E('div', _('Do you really want to delete the following SSH key?')),
-               E('pre', delkey),
+               E('pre', [ delkey ]),
                E('div', { class: 'right' }, [
                        E('div', { class: 'btn', click: L.hideModal }, _('Cancel')),
                        ' ',
Lua Configuration Interface (mirror)