summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-openvpn/luasrc/view/openvpn
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2023-01-13 21:16:58 +0100
committerJo-Philipp Wich <jo@mein.io>2023-01-13 21:18:09 +0100
commit25983b9fa572a640a7ecd077378df2790266cd61 (patch)
treef452bf407230c455c73b17f640eb870080f6fa35 /applications/luci-app-openvpn/luasrc/view/openvpn
parent0186d7eae0e123a409e9919a83fdfecc7945c984 (diff)
luci-app-openvpn: fix potential XSS in pageswitch template
Ensure to escape URL instance parameter displayed in the heading. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-openvpn/luasrc/view/openvpn')
-rw-r--r--applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm2
1 files changed, 1 insertions, 1 deletions
diff --git a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm
index 0792763085..c464ef4781 100644
--- a/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm
+++ b/applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm
@@ -9,7 +9,7 @@
<div class="cbi-section">
<h3>
<a href="<%=url('admin/vpn/openvpn')%>"><%:Overview%></a> &#187;
- <%=luci.i18n.translatef("Instance \"%s\"", self.instance)%>
+ <%=luci.i18n.translatef("Instance \"%s\"", pcdata(self.instance))%>
</h3>
<% if self.mode == "basic" then %>
<a href="<%=url('admin/vpn/openvpn/advanced', self.instance)%>"><%:Switch to advanced configuration%> &#187;</a><p/>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-17 08:56:18 +0000