Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
luci/modules/luci-base
History
Jo-Philipp Wich 993151504e luci-base: form.js: do not execute embedded script code in stripTags() 
Instead of relying on .innerHTML which executes embedded script code to
parse a given HTML fragment, use dom.parse() which utilizies DOMParser()
internally in order to extract textContent in a safe manner.

Fixes: FS#4199
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=4199
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-12-23 17:08:21 +01:00
..
htdocs luci-base: form.js: do not execute embedded script code in stripTags() 2021-12-23 17:08:21 +01:00
luasrc timezone data: update to 2021e 2021-10-28 21:24:18 +03:00
po Translated using Weblate (Finnish) 2021-12-21 18:49:28 +02:00
root luci-base: apply Browser/OS dark mode preference to index redirect page 2021-11-16 13:06:03 +01:00
src luci-base: Import latest version of jsmin 2020-03-01 08:50:30 +08:00
Makefile luci-base: update dependency to luci-lib-base 2020-07-19 20:15:00 +02:00