From 588381e2111079265cc3b20af33507052f1b58cb Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Fri, 13 Jan 2023 20:52:17 +0100
Subject: [PATCH] luci-mod-system: fix potential stored XSS

Make sure to escape the key contents in the delete confirmation dialog.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 0186d7eae0e123a409e9919a83fdfecc7945c984)
---
 .../htdocs/luci-static/resources/view/system/sshkeys.js         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
index 8b12b2311e..9aacdb96bb 100644
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
@@ -198,7 +198,7 @@ function removeKey(ev) {
 
 	L.showModal(_('Delete key'), [
 		E('div', _('Do you really want to delete the following SSH key?')),
-		E('pre', delkey),
+		E('pre', [ delkey ]),
 		E('div', { class: 'right' }, [
 			E('div', { class: 'btn', click: L.hideModal }, _('Cancel')),
 			' ',
-- 
2.30.2