From: Jo-Philipp Wich Date: Mon, 22 Jul 2019 15:18:15 +0000 (+0200) Subject: luci-base: ui.js: HTML escape custom dropdown values X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=a6c538a7767fbf62aeac95e575021b7b345b1912;p=project%2Fluci.git luci-base: ui.js: HTML escape custom dropdown values Signed-off-by: Jo-Philipp Wich --- diff --git a/modules/luci-base/htdocs/luci-static/resources/ui.js b/modules/luci-base/htdocs/luci-static/resources/ui.js index bff717eb8e..e47e11b1cd 100644 --- a/modules/luci-base/htdocs/luci-static/resources/ui.js +++ b/modules/luci-base/htdocs/luci-static/resources/ui.js @@ -879,7 +879,7 @@ var UIDropdown = UIElement.extend({ else markup = '
  • {{value}}
  • '; - new_item = E(markup.replace(/{{value}}/g, item)); + new_item = E(markup.replace(/{{value}}/g, '%h'.format(item))); if (sbox.options.multiple) { sbox.transformItem(sb, new_item);