author | Jo-Philipp Wich <jo@mein.io> | 2021-03-29 11:45:01 +0200 |
committer | Jo-Philipp Wich <jo@mein.io> | 2021-03-29 11:51:39 +0200 |
commit | 32f0ff25a2ef28b58eae62688ecdb9d23dc91df0 (patch) | |
tree | 3f24f6d53c60144e3fc3729eaf520bb30b108859 /applications/luci-app-dawn | |
parent | 95b5c6cd6464d11d6baa22bcf2c9469847353813 (diff) |
luci-app-dawn: fix custom markup
- Properly indent HTML markup
- Replace div-based table markup with actual tables
- Escape SSID, hostname and interface values to prevent potential XSS
Fixes: #4942
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-dawn')
-rw-r--r-- | applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_hearing_map.lua | 120 | ||||
-rw-r--r-- | applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_network.lua | 150 |
2 files changed, 132 insertions, 138 deletions
diff --git a/applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_hearing_map.lua b/applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_hearing_map.lua
index 844fa72c43..d277865503 100644
--- a/applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_hearing_map.lua
+++ b/applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_hearing_map.lua
@@ -4,69 +4,65 @@ m.pageaction = false
 s = m:section(NamedSection, "__hearingmap__")
 function s.render(self, sid)
- local tpl = require "luci.template"
- tpl.render_string([[
- <%
- local utl = require "luci.util"
- local status = require "luci.tools.ieee80211"
- local stat = utl.ubus("dawn", "get_hearing_map", { })
- local name, macs
+ local tpl = require "luci.template"
+ tpl.render_string([[
+ <%
+ local utl = require "luci.util"
+ local xml = require "luci.xml"
+ local status = require "luci.tools.ieee80211"
+ local stat = utl.ubus("dawn", "get_hearing_map", { })
+ local name, macs
- for name, macs in pairs(stat) do
- %>
- <div class="cbi-section-node">
- <h3>SSID: <%= name %></h3>
- <div class="table" id="dawn_hearing_map">
- <div class="tr table-titles">
- <div class="th">Client MAC</div>
- <div class="th">AP MAC</div>
- <div class="th">Frequency</div>
- <div class="th">HT Sup</div>
- <div class="th">VHT Sup</div>
- <div class="th">Signal</div>
- <div class="th">RCPI</div>
- <div class="th">RSNI</div>
- <div class="th">Channel Utilization</div>
- <div class="th">Station connect to AP</div>
- <div class="th">Score</div>
- </div>
- <%
- local mac, data
- for mac, data in pairs(macs) do
- local mac2, data2
- local count_loop = 0
+ for name, macs in pairs(stat) do
+ %>
+ <div class="cbi-section-node">
+ <h3>SSID: <%= xml.pcdata(name) %></h3>
+ <table class="table" id="dawn_hearing_map">
+ <tr class="tr table-titles">
+ <th class="th">Client MAC</th>
+ <th class="th">AP MAC</th>
+ <th class="th">Frequency</th>
+ <th class="th">HT Sup</th>
+ <th class="th">VHT Sup</th>
+ <th class="th">Signal</th>
+ <th class="th">RCPI</th>
+ <th class="th">RSNI</th>
+ <th class="th">Channel Utilization</th>
+ <th class="th">Station connect to AP</th>
+ <th class="th">Score</th>
+ </tr>
+ <%
+ local mac, data
+ for mac, data in pairs(macs) do
- for mac2, data2 in pairs(data) do
- %>
- <div class="tr">
- <% if (count_loop == 0) then %>
- <div class="td"><%= mac %></div>
- <% else %>
- <div></div>
- <% end %>
- <div class="td"><%= mac2 %></div>
- <div class="td"><%= "%.3f" %( data2.freq / 1000 ) %> GHz Channel: <%= "%d" %( status.frequency_to_channel(data2.freq) ) %></div>
- <div class="td"><%= (data2.ht_capabilities == true and data2.ht_support == true) and "True" or "False" %></div>
- <div class="td"><%= (data2.vht_capabilities == true and data2.vht_support == true) and "True" or "False" %></div>
- <div class="td"><%= "%d" %data2.signal %></div>
- <div class="td"><%= "%d" %data2.rcpi %></div>
- <div class="td"><%= "%d" %data2.rsni %></div>
- <div class="td"><%= "%.2f" %(data2.channel_utilization / 2.55) %> %</div>
- <div class="td"><%= "%d" %data2.num_sta %></div>
- <div class="td"><%= "%d" %data2.score %></div>
- </div>
- <%
- count_loop = count_loop + 1
- end
- end
- %>
- </div>
- </div>
- <%
- end
- %>
- </div>
- ]])
+ local mac2, data2
+ local count_loop = 0
+ for mac2, data2 in pairs(data) do
+ %>
+ <tr class="tr">
+ <td class="td"><%= (count_loop == 0) and mac or "" %></td>
+ <td class="td"><%= mac2 %></td>
+ <td class="td"><%= "%.3f" %( data2.freq / 1000 ) %> GHz Channel: <%= "%d" %( status.frequency_to_channel(data2.freq) ) %></td>
+ <td class="td"><%= (data2.ht_capabilities == true and data2.ht_support == true) and "True" or "False" %></td>
+ <td class="td"><%= (data2.vht_capabilities == true and data2.vht_support == true) and "True" or "False" %></td>
+ <td class="td"><%= "%d" % data2.signal %></td>
+ <td class="td"><%= "%d" % data2.rcpi %></td>
+ <td class="td"><%= "%d" % data2.rsni %></td>
+ <td class="td"><%= "%.2f" % (data2.channel_utilization / 2.55) %> %</td>
+ <td class="td"><%= "%d" % data2.num_sta %></td>
+ <td class="td"><%= "%d" % data2.score %></td>
+ </tr>
+ <%
+ count_loop = count_loop + 1
+ end
+ end
+ %>
+ </table>
+ </div>
+ <%
+ end
+ %>
+ ]])
 end
-return m
\ No newline at end of file
+return m
diff --git a/applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_network.lua b/applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_network.lua
index 222778162b..6b6d6e346f 100644
--- a/applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_network.lua
+++ b/applications/luci-app-dawn/luasrc/model/cbi/dawn/dawn_network.lua
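Review bot: `stat` returned by `utl.ubus("dawn", "get_hearing_map", { })` is handed straight to `pairs(stat)` on the new side, so a failed or unavailable ubus call (nil result) aborts the whole page render instead of showing an empty map; `local stat = utl.ubus("dawn", "get_hearing_map", { }) or { }` keeps the render going, and the same applies to the `get_network` call in dawn_network.lua. The escaping the commit adds for the SSID is not applied to `mac` and `mac2` (`<%= (count_loop == 0) and mac or "" %>`, `<%= mac2 %>`), which come from the same ubus reply; escaping those with the same helper (`xml.pcdata(mac2)`) makes the template uniformly safe instead of relying on the daemon always formatting them as plain MAC strings, and the same goes for `mac`/`clientmac` in dawn_network.lua, including the `id="ap-<%= mac %>"` attribute values, assuming the helper also escapes quotes for attribute context. `id="dawn_hearing_map"` is emitted once per SSID, so a page with several SSIDs contains duplicate ids; a per-SSID id or a class would be cleaner.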
@@ -9,86 +9,84 @@ function s.render(self, sid)
 local utl = require "luci.util"
 tpl.render_string([[
 <%
- local status = require "luci.tools.ieee80211"
- local utl = require "luci.util"
- local sys = require "luci.sys"
- local hosts = sys.net.host_hints()
- local stat = utl.ubus("dawn", "get_network", { })
- local name, macs
- for name, macs in pairs(stat) do
+ local status = require "luci.tools.ieee80211"
+ local utl = require "luci.util"
+ local sys = require "luci.sys"
+ local xml = require "luci.xml"
+ local hosts = sys.net.host_hints()
+ local stat = utl.ubus("dawn", "get_network", { })
+ local name, macs
+ for name, macs in pairs(stat) do
 %>
- <div class="cbi-section-node">
- <h3>SSID: <%= name %></h3>
- <div class="table" id=network_overview_main">
- <div class="tr table-titles">
- <div class="th">AP</div>
- <div class="th">Clients</div>
- </div>
- <%
- local mac, data
- for mac, data in pairs(macs) do
- %>
- <div class="tr">
- <div class="td" style="vertical-align: top;">
- <div class="table" id="ap-<%= mac %>">
- <div class="tr table-titles">
- <div class="th">Hostname</div>
- <div class="th">Interface</div>
- <div class="th">MAC</div>
- <div class="th">Utilization</div>
- <div class="th">Frequency</div>
- <div class="th">Stations</div>
- <div class="th">HT Sup</div>
- <div class="th">VHT Sup</div>
- </div>
- <div class="tr">
- <div class="td"><%= data.hostname %></div>
- <div class="td"><%= data.iface %></div>
- <div class="td"><%= mac %></div>
- <div class="td"><%= "%.2f" %(data.channel_utilization / 2.55) %> %</div>
- <div class="td"><%= "%.3f" %( data.freq / 1000 ) %> GHz (Channel: <%= "%d" %( status.frequency_to_channel(data.freq) ) %>)</div>
- <div class="td"><%= "%d" %data.num_sta %></div>
- <div class="td"><%= (data.ht_support == true) and "available" or "not available" %></div>
- <div class="td"><%= (data.vht_support == true) and "available" or "not available" %></div>
- </div>
- </div>
- </div>
- <div class="td" style="vertical-align: top;">
- <div class="table" id="clients-<%= mac %>">
- <div class="tr table-titles">
- <div class="th">MAC</div>
- <div class="th">HT</div>
- <div class="th">VHT</div>
- <div class="th">Signal</div>
- </div>
- <%
- local mac2, data2
- for clientmac, clientvals in pairs(data) do
- if (type(clientvals) == "table") then
- %>
- <div class="tr">
- <div class="td"><%= clientmac %></div>
- <div class="td"><%= (clientvals.ht == true) and "available" or "not available" %></div>
- <div class="td"><%= (clientvals.vht == true) and "available" or "not available" %></div>
- <div class="td"><%= "%d" %clientvals.signal %></div>
- </div>
- <%
- end
- %>
- <%
- end
- %>
- </div>
- </div>
- </div>
- <%
- end
- %>
- </div>
+ <h3>SSID: <%= xml.pcdata(name) %></h3>
+ <table class="table" id=network_overview_main">
+ <tr class="tr table-titles">
+ <th class="th">AP</th>
+ <th class="th">Clients</th>
+ </tr>
+ <%
+ local mac, data
+ for mac, data in pairs(macs) do
+ %>
+ <tr class="tr">
+ <td class="td" style="vertical-align: top;">
+ <table class="table" id="ap-<%= mac %>">
+ <tr class="tr table-titles">
+ <th class="th">Hostname</th>
+ <th class="th">Interface</th>
+ <th class="th">MAC</th>
+ <th class="th">Utilization</th>
+ <th class="th">Frequency</th>
+ <th class="th">Stations</th>
+ <th class="th">HT Sup</th>
+ <th class="th">VHT Sup</th>
+ </tr>
+ <tr class="tr">
+ <td class="td"><%= xml.pcdata(data.hostname) %></td>
+ <td class="td"><%= xml.pcdata(data.iface) %></td>
+ <td class="td"><%= mac %></td>
+ <td class="td"><%= "%.2f" %(data.channel_utilization / 2.55) %> %</td>
+ <td class="td"><%= "%.3f" %( data.freq / 1000 ) %> GHz (Channel: <%= "%d" %( status.frequency_to_channel(data.freq) ) %>)</td>
+ <td class="td"><%= "%d" % data.num_sta %></td>
+ <td class="td"><%= (data.ht_support == true) and "available" or "not available" %></td>
+ <td class="td"><%= (data.vht_support == true) and "available" or "not available" %></td>
+ </tr>
+ </table>
+ </td>
+ <td class="td" style="vertical-align: top;">
+ <table class="table" id="clients-<%= mac %>">
+ <tr class="tr table-titles">
+ <th class="th">MAC</th>
+ <th class="th">HT</th>
+ <th class="th">VHT</th>
+ <th class="th">Signal</th>
+ </tr>
+ <%
+ local mac2, data2
+ for clientmac, clientvals in pairs(data) do
+ if (type(clientvals) == "table") then
+ %>
+ <tr class="tr">
+ <td class="td"><%= clientmac %></td>
+ <td class="td"><%= (clientvals.ht == true) and "available" or "not available" %></td>
+ <td class="td"><%= (clientvals.vht == true) and "available" or "not available" %></td>
+ <td class="td"><%= "%d" % clientvals.signal %></td>
+ </tr>
+ <%
+ end
+ end
+ %>
+ </table>
+ </td>
+ </tr>
+ <%
+ end
+ %>
+ </table>
 </div>
 <%
- end
+ end
 %>
 ]])
 end |
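Review bot: The new side drops the opening `<div class="cbi-section-node">` (removed near the top of the hunk with no `+` counterpart before the `<h3>SSID: …` line) while the closing `</div>` after the outer `</table>` stays as a context line, so every SSID section now emits an unmatched `</div>`; add `<div class="cbi-section-node">` back before the `<h3>` line, as the hearing-map template does. The attribute `id=network_overview_main"` on the main table is carried over with its opening quote missing and should read `id="network_overview_main"`. `local hosts = sys.net.host_hints()` and `local mac2, data2` are declared on the new side but never used in the template, so they can be dropped. s.render begins before this hunk; only its `function` line appears in the @@ context.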