projects / project / luci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: debc3d3) | patch
luci-base: dispatcher.uc: prevent XSS through 404 error template
authorJo-Philipp Wich <jo@mein.io>
Fri, 10 Mar 2023 14:12:22 +0000 (15:12 +0100)
committerJo-Philipp Wich <jo@mein.io>
Fri, 10 Mar 2023 14:36:09 +0000 (15:36 +0100)
commit24d7da2416b9ab246825c33c213fe939a89b369c
tree1915573df5fc6256cad4a19598781f65d29ca3f3tree | snapshot
parentdebc3d396ae0340c7ee221a4fb45a5600d348ed1commit | diff
luci-base: dispatcher.uc: prevent XSS through 404 error template

Make sure to escape the user controlled URL passed as part of the error
message into the error404 template in order to avoid XSS.

Reported-by: 40826d <40826d@posteo.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-base/ucode/dispatcher.uc diff | blob | history
modules/luci-base/ucode/template/header.ut diff | blob | history
Lua Configuration Interface (mirror)