Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
luci/modules
History
Jo-Philipp Wich f25285a6c2 luci-mod-system: sshkeys.js: prevent XSS through pubkey comments 
Ensure to not display public key comments verbatim in order to prevent
injection of markup.

Reported-by: Eric McDonald <ericmcdonald@protonmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 944b55738e)
2022-09-21 14:50:02 +02:00
..
luci-base treewide: Backport translations and sync 2022-04-09 19:22:08 +03:00
luci-compat luci-base: move old cbi icons to luci-compat 2020-05-07 19:40:50 +02:00
luci-mod-admin-full luci-base: use cgi-io and rpcd-mod-file to handle file upload and browsing 2019-09-10 15:28:16 +02:00
luci-mod-admin-mini treewide: move server side CBI support to luci-compat 2019-11-03 20:49:31 +01:00
luci-mod-failsafe Revert "luci-base: move unused tools.webadmin class to luci-compat" 2020-03-06 17:35:08 +01:00
luci-mod-network luci-mod-network: allow literal "auto" value for distance 2021-09-28 08:58:09 -10:00
luci-mod-rpc luci-mod-rpc: drop "secret" value from rpc session objects 2019-01-30 16:51:49 +01:00
luci-mod-status luci-mod-status: fix potential XSS via specially crafted DNS names 2021-05-12 12:03:19 +02:00
luci-mod-system luci-mod-system: sshkeys.js: prevent XSS through pubkey comments 2022-09-21 14:50:02 +02:00