treewide: avoid double-escaping CBI section labels

Since the section labels are already HTML-escaped implicitely by the
striptags() function, we must not escape them again in attr() or
ifattr().

Fixes: #2524
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

4 files changed, 5 insertions, 5 deletions

diff --git a/applications/luci-app-adblock/luasrc/view/adblock/blocklist.htm b/applications/luci-app-adblock/luasrc/view/adblock/blocklist.htm
index e145a3b4ef..c90afe7687 100644
--- a/applications/luci-app-adblock/luasrc/view/adblock/blocklist.htm
+++ b/applications/luci-app-adblock/luasrc/view/adblock/blocklist.htm
@@ -27,7 +27,7 @@ local anonclass  = (not self.anonymous or self.sectiontitle) and "named" or "ano
 				for i, k in ipairs(self:cfgsections()) do
 					section = k
 					local sectionname  = striptags((type(self.sectiontitle) == "function") and self:sectiontitle(section) or k)
-					local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname)
+					local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname, true)
 					isempty = false
 					scope = { valueheader = "cbi/cell_valueheader", valuefooter = "cbi/cell_valuefooter" }
 			-%>
diff --git a/applications/luci-app-banip/luasrc/view/banip/sourcelist.htm b/applications/luci-app-banip/luasrc/view/banip/sourcelist.htm
index 743886f884..12240e5ae4 100644
--- a/applications/luci-app-banip/luasrc/view/banip/sourcelist.htm
+++ b/applications/luci-app-banip/luasrc/view/banip/sourcelist.htm
@@ -27,7 +27,7 @@ local anonclass  = (not self.anonymous or self.sectiontitle) and "named" or "ano
 				for i, k in ipairs(self:cfgsections()) do
 					section = k
 					local sectionname  = striptags((type(self.sectiontitle) == "function") and self:sectiontitle(section) or k)
-					local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname)
+					local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname, true)
 					isempty = false
 					scope = { valueheader = "cbi/cell_valueheader", valuefooter = "cbi/cell_valuefooter" }
 			-%>
diff --git a/modules/luci-base/luasrc/view/cbi/cell_valueheader.htm b/modules/luci-base/luasrc/view/cbi/cell_valueheader.htm
index ea0568f409..cb11d8f61a 100644
--- a/modules/luci-base/luasrc/view/cbi/cell_valueheader.htm
+++ b/modules/luci-base/luasrc/view/cbi/cell_valueheader.htm
@@ -6,7 +6,7 @@
 <div class="td cbi-value-field<% if self.error and self.error[section] then %> cbi-value-error<% end %>"<%=
 	attr("data-name", self.option) ..
 	ifattr(ftype and #ftype > 0, "data-type", ftype) ..
-	ifattr(title and #title > 0, "data-title", title) ..
-	ifattr(descr and #descr > 0, "data-description", descr)
+	ifattr(title and #title > 0, "data-title", title, true) ..
+	ifattr(descr and #descr > 0, "data-description", descr, true)
 %>>
 <div id="cbi-<%=self.config.."-"..section.."-"..self.option%>" data-index="<%=self.index%>" data-depends="<%=pcdata(self:deplist2json(section))%>">
diff --git a/modules/luci-base/luasrc/view/cbi/tblsection.htm b/modules/luci-base/luasrc/view/cbi/tblsection.htm
index 408dfa7fe8..11c2206d8c 100644
--- a/modules/luci-base/luasrc/view/cbi/tblsection.htm
+++ b/modules/luci-base/luasrc/view/cbi/tblsection.htm
@@ -127,7 +127,7 @@ end
 				section = k
 
 				local sectionname = striptags((type(self.sectiontitle) == "function") and self:sectiontitle(section) or k)
-				local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname)
+				local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname, true)
 				local colorclass = (self.extedit or self.rowcolors) and rowstyle() or ""
 				local scope = {
 					valueheader = "cbi/cell_valueheader",