From a6c538a7767fbf62aeac95e575021b7b345b1912 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Mon, 22 Jul 2019 17:18:15 +0200
Subject: [PATCH] luci-base: ui.js: HTML escape custom dropdown values

Signed-off-by: Jo-Philipp Wich
---
 modules/luci-base/htdocs/luci-static/resources/ui.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/luci-base/htdocs/luci-static/resources/ui.js b/modules/luci-base/htdocs/luci-static/resources/ui.js
index bff717eb8e..e47e11b1cd 100644
--- a/modules/luci-base/htdocs/luci-static/resources/ui.js
+++ b/modules/luci-base/htdocs/luci-static/resources/ui.js
@@ -879,7 +879,7 @@ var UIDropdown = UIElement.extend({
 else markup = '
  • {{value}}
  • ';
- new_item = E(markup.replace(/{{value}}/g, item));
+ new_item = E(markup.replace(/{{value}}/g, '%h'.format(item)));
 if (sbox.options.multiple) {
 sbox.transformItem(sb, new_item);
-- 
2.30.2
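Review bot: The escaped value is still handed to `replace()` as a replacement string on the added `new_item = E(markup.replace(...))` line, so `$`-sequences in a user-typed custom value (such as `$&` or `$'`) are expanded by `String.prototype.replace` after `%h` has already run and can copy unescaped pieces of the template back into the markup that `E()` parses. Passing the replacement as a function disables that expansion: `new_item = E(markup.replace(/{{value}}/g, function() { return '%h'.format(item); }));`. The fix also only holds if `%h` encodes both quote characters, because `{{value}}` may sit inside an attribute in the template selected by the branch before this `else`; that branch and the `format` implementation are outside the hunk, so this should be confirmed there. Longer term, creating the element and setting its attribute and text through the DOM would take user input out of the string-to-HTML path entirely.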