From 21210dc2fb001f0a2a0c7195230d03147cd89e69 Mon Sep 17 00:00:00 2001
From: Paul Donald <newtwen@gmail.com>
Date: Sat, 3 Feb 2024 16:14:35 +0100
Subject: [PATCH] luci-lib-nixio: Code quality fixes

future variants could use en/decodeURIComponent

ordering is important when handling "&"

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit d46da53bcd1f822d5b11772fc85b475b9d9174ff)
---
 libs/luci-lib-nixio/axTLS/www/index.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/luci-lib-nixio/axTLS/www/index.html b/libs/luci-lib-nixio/axTLS/www/index.html
index 25cd2e69b1..9896cd8a54 100755
--- a/libs/luci-lib-nixio/axTLS/www/index.html
+++ b/libs/luci-lib-nixio/axTLS/www/index.html
@@ -5943,10 +5943,10 @@ String.prototype.htmlEncode = function()
 	return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
 }
 
-// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
+// Convert "&lt;" to <, "&gt;" to >, "&quot;" to " and "&amp;" to & (& handled last for security reasons)
 String.prototype.htmlDecode = function()
 {
-	return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
+	return(this.replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\"").replace(/&amp;/mg,"&"));
 }
 
 // Parse a space-separated string of name:value parameters where:
-- 
2.30.2