BPI/luci
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-mod-system: fix potential stored XSS

Browse Source 
Make sure to escape the key contents in the delete confirmation dialog.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 0186d7eae0e123a409e9919a83fdfecc7945c984)
This commit is contained in:
Jo-Philipp Wich 2023-01-13 20:52:17 +01:00
parent d548d858c8
commit aa7938d4cb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
View File

@ -198,7 +198,7 @@ function removeKey(ev) {
L.showModal(_('Delete key'), [
E('div', _('Do you really want to delete the following SSH key?')),
E('pre', delkey),
E('pre', [ delkey ]),
E('div', { class: 'right' }, [
E('div', { class: 'btn', click: L.hideModal }, _('Cancel')),
' ',