luci-mod-system: minor code fixes for repokeys and sshkeys

Signed-off-by: Paul Donald <[email protected]>

diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
index a5a247abd2d05389d135bfb38e0d52ac56d8eb23..6703a50970565300cb8b2f346c3b445586b77d6e 100644 (file)
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/repokeys.js
@@ -19,7 +19,7 @@ const safeList = [
 ];
 
 function isFileInSafeList(file){
-       for (name of safeList) {
+       for (let name of safeList) {
                if (file === name)
                        return true;
        }
@@ -27,7 +27,7 @@ function isFileInSafeList(file){
 }
 
 function normalizeKey(s) {
-       return s.replace(/\s+/g, ' ').trim();
+       return s?.replace(/\s+/g, ' ')?.trim();
 }
 
 function determineKeyEnv() {
@@ -51,10 +51,16 @@ function listKeyFiles() {
        );
 }
 
+function safeText(str) {
+       return String(str).replace(/[&<>"']/g, s => ({
+               '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
+       }[s]));
+}
+
 function renderKeyItem(pubkey) {
        const safeFile = isFileInSafeList(pubkey?.filename);
        const lines = pubkey?.key?.trim()?.split('\n').map(line =>
-               [ E('br'), E('code', line) ]
+               [ E('br'), E('code', {}, [ safeText(line) ]) ]
        ).flat();
        return E('div', {
                class: 'item',
@@ -62,7 +68,7 @@ function renderKeyItem(pubkey) {
                'data-file': pubkey?.filename,
                'data-key': normalizeKey(pubkey?.key)
        }, [
-               E('strong', [ pubkey?.filename || _('Unnamed key') ]),
+               E('strong', {}, [ pubkey?.filename || _('Unnamed key') ]),
                ...lines
        ]);
 }

diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
index ce983c322802f340a05c323541036c62f86801ac..b953a8f9ab18c95169d8c1223e259243b564da7b 100644 (file)
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
@@ -118,14 +118,14 @@ function renderKeyItem(pubkey) {
                click: isReadonlyView ? null : removeKey,
                'data-key': pubkey.src
        }, [
-               E('strong', [ pubkey.comment || _('Unnamed key') ]), E('br'),
-               E('small', [
+               E('strong', {}, [ pubkey.comment || _('Unnamed key') ]), E('br'),
+               E('small', {}, [
                        '%s, %s'.format(pubkey.type, pubkey.curve || _('%d Bit').format(pubkey.bits)),
-                       pubkey.options ? E([], [
+                       pubkey.options ? E([], {}, [
                                ' / ', _('Options:'), ' ',
-                               E('code', Object.keys(pubkey.options).sort().join(', '))
+                               E('code', {}, [Object.keys(pubkey.options).sort().join(', ')])
                        ]) : '',
-                       E('br'), E('code', pubkey.fprint)
+                       E('br'), E('code', {}, [pubkey.fprint])
                ])
        ]);
 }