luci-base: ui.js: HTML escape uci changelog values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/modules/luci-base/htdocs/luci-static/resources/ui.js b/modules/luci-base/htdocs/luci-static/resources/ui.js
index e47e11b1cddd8dacdef4977f6e7f9bf51feefada..1a98dbcc9a00f4ca01992be5d5f4e6be9a069736 100644 (file)
--- a/modules/luci-base/htdocs/luci-static/resources/ui.js
+++ b/modules/luci-base/htdocs/luci-static/resources/ui.js
@@ -1797,7 +1797,7 @@ return L.Class.extend({
                                                                return chg[1];
 
                                                case 4:
-                                                       return "'" + chg[3].replace(/'/g, "'\"'\"'") + "'";
+                                                       return "'%h'".format(chg[3].replace(/'/g, "'\"'\"'"));
 
                                                default:
                                                        return chg[m1-1];