luci/modules/luci-base/htdocs/luci-static at 993151504e8e810c083d3257555bdcdc2f00673a - Difuse/luci

History

Jo-Philipp Wich 993151504e luci-base: form.js: do not execute embedded script code in stripTags() Instead of relying on .innerHTML which executes embedded script code to parse a given HTML fragment, use dom.parse() which utilizies DOMParser() internally in order to extract textContent in a safe manner. Fixes: FS#4199 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=4199 Signed-off-by: Jo-Philipp Wich <jo@mein.io>	2021-12-23 17:08:21 +01:00
..
resources	luci-base: form.js: do not execute embedded script code in stripTags()	2021-12-23 17:08:21 +01:00

Jo-Philipp Wich 993151504e luci-base: form.js: do not execute embedded script code in stripTags()

Instead of relying on .innerHTML which executes embedded script code to
parse a given HTML fragment, use dom.parse() which utilizies DOMParser()
internally in order to extract textContent in a safe manner.

Fixes: FS#4199
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=4199
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

2021-12-23 17:08:21 +01:00

resources

luci-base: form.js: do not execute embedded script code in stripTags()

2021-12-23 17:08:21 +01:00