projects
/
project
/
luci.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
luci-base: form.js: do not execute embedded script code in stripTags()
[project/luci.git]
/
modules
/
luci-base
/
htdocs
/
luci-static
/
resources
/
form.js
diff --git
a/modules/luci-base/htdocs/luci-static/resources/form.js
b/modules/luci-base/htdocs/luci-static/resources/form.js
index 72b41734932f614a80856329b30a651403c16fc9..92c53253bb7f570e4216883560769d82ef55c7f1 100644
(file)
--- a/
modules/luci-base/htdocs/luci-static/resources/form.js
+++ b/
modules/luci-base/htdocs/luci-static/resources/form.js
@@
-279,7
+279,8
@@
var CBIAbstractElement = baseclass.extend(/** @lends LuCI.form.AbstractElement.p
if (typeof(s) == 'string' && !s.match(/[<>]/))
return s;
- var x = E('div', {}, s);
+ var x = dom.parse('<div>' + s + '</div>');
+
return x.textContent || x.innerText || '';
},
projects / project / luci.git / blobdiff