luci/themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org at c29f7fbba7ff0414c320f438415dd9b8ebd72cdf - Difuse/luci

History

Hauke Mehrtens 5cbd79d7e3 themes: Call striptags() on hostname to prevent XSS This calls striptags() on the hostname to prevent any XSS over the hostname. This should fix CVE-2021-33425 as far as I understood it. If someone adds some Javascript into system.@system[0].hostname it would have been directly added to the page, this prevents the problem. This can only be exploited by someone being able to modify the uci configuration, normally a user with such privileges could also just modify the webpage. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>	2021-06-09 01:33:44 +02:00
..
footer.htm	luci-theme-openwrt: rework menu rendering	2020-04-16 13:30:35 +02:00
header.htm	themes: Call striptags() on hostname to prevent XSS	2021-06-09 01:33:44 +02:00

Hauke Mehrtens 5cbd79d7e3 themes: Call striptags() on hostname to prevent XSS

This calls striptags() on the hostname to prevent any XSS over the
hostname. This should fix CVE-2021-33425 as far as I understood it.

If someone adds some Javascript into system.@system[0].hostname it would
have been directly added to the page, this prevents the problem.

This can only be exploited by someone being able to modify the uci
configuration, normally a user with such privileges could also just
modify the webpage.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

2021-06-09 01:33:44 +02:00

footer.htm

luci-theme-openwrt: rework menu rendering

2020-04-16 13:30:35 +02:00

header.htm

themes: Call striptags() on hostname to prevent XSS

2021-06-09 01:33:44 +02:00