projects / project / luci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 83a59dc) | patch
luci-base: escape path strings and field parameter
authorJo-Philipp Wich <jo@mein.io>
Sat, 7 Apr 2018 09:43:44 +0000 (11:43 +0200)
committerJo-Philipp Wich <jo@mein.io>
Sat, 7 Apr 2018 09:43:44 +0000 (11:43 +0200)
commit5c31937a0f0bf8fa2f0161cadae9688fff9c227e
treed5650cba6128faa79679554c351ef64a411c0a07tree | snapshot
parent83a59dc0f74ad5da70a087c18533472742b236cccommit | diff
luci-base: escape path strings and field parameter

Prevent various XSS vectors by not interpolating field and path values
verbatim into script and html contexts.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-base/luasrc/view/cbi/filebrowser.htm diff | blob | history
Lua Configuration Interface (mirror)