From 749268a2cad4a08722e30f66a578e254885f450f Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Fri, 13 Jan 2023 21:16:58 +0100
Subject: [PATCH] luci-app-openvpn: fix potential XSS in pageswitch template
Ensure to escape URL instance parameter displayed in the heading.
Signed-off-by: Jo-Philipp Wich
(cherry picked from commit 25983b9fa572a640a7ecd077378df2790266cd61)
---
.../luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm
index 0792763085..c464ef4781 100644
--- a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm
+++ b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm
@@ -9,7 +9,7 @@

<%:Overview%> »
- <%=luci.i18n.translatef("Instance \"%s\"", self.instance)%>
+ <%=luci.i18n.translatef("Instance \"%s\"", pcdata(self.instance))%>

<% if self.mode == "basic" then %> <%:Switch to advanced configuration%> »
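Review bot: `pcdata()` is added at only one sink, the heading's `translatef` call, while the commit message says `self.instance` comes from the URL. The context lines here have lost their markup, so the hunk does not show whether the "Switch to advanced configuration" link below also interpolates that value. Every other output of `self.instance` in pageswitch.htm should be checked to confirm it is escaped or passed through the URL builder; the template continues outside the hunk. Escaping the argument before formatting, rather than the formatted result, is the right order because the translated string's own quotes stay intact. A template comment next to the heading, for example `<%# self.instance is request-derived; escape it at every output %>`, would help keep a later edit from reintroducing the raw form.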

-- 2.30.2