BPI/luci
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
luci/modules/luci-base/htdocs
History
Jo-Philipp Wich db88156dff luci-base: form.js: do not execute embedded script code in stripTags() 
Instead of relying on .innerHTML which executes embedded script code to
parse a given HTML fragment, use dom.parse() which utilizies DOMParser()
internally in order to extract textContent in a safe manner.

Fixes: FS#4199
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=4199
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 993151504e8e810c083d3257555bdcdc2f00673a)
2021-12-23 17:10:18 +01:00
..
cgi-bin
treewide: minor fixes to typos, whitespace, and indentation
2021-01-20 12:36:13 +02:00
luci-static/resources
luci-base: form.js: do not execute embedded script code in stripTags()
2021-12-23 17:10:18 +01:00