summaryrefslogtreecommitdiffhomepage
path: root/libs/cbi
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2008-08-20 16:58:29 +0000
committerJo-Philipp Wich <jow@openwrt.org>2008-08-20 16:58:29 +0000
commit18dfd21c39e6ddcd6936174af654a05b742c51b7 (patch)
tree246e34486436075d67cf0a3756eb354f1131caa3 /libs/cbi
parentab71972c7e418be3a2a4d523c2f4ae5e9c5bfdd4 (diff)
* luci/libs: use striptags() in cbi <option> elements
Diffstat (limited to 'libs/cbi')
-rw-r--r--libs/cbi/luasrc/cbi.lua5
-rw-r--r--libs/cbi/luasrc/view/cbi/lvalue.htm2
-rw-r--r--libs/cbi/luasrc/view/cbi/mvalue.htm2
-rw-r--r--libs/cbi/luasrc/view/cbi/ucisection.htm2
4 files changed, 6 insertions, 5 deletions
diff --git a/libs/cbi/luasrc/cbi.lua b/libs/cbi/luasrc/cbi.lua
index 48a91d3b5a..295998e924 100644
--- a/libs/cbi/luasrc/cbi.lua
+++ b/libs/cbi/luasrc/cbi.lua
@@ -783,8 +783,9 @@ end
function AbstractValue.render(self, s, scope)
if not self.optional or self:cfgvalue(s) or self:formcreated(s) then
scope = scope or {}
- scope.section = s
- scope.cbid = self:cbid(s)
+ scope.section = s
+ scope.cbid = self:cbid(s)
+ scope.striptags = luci.util.striptags
scope.ifattr = function(cond,key,val)
if cond then
diff --git a/libs/cbi/luasrc/view/cbi/lvalue.htm b/libs/cbi/luasrc/view/cbi/lvalue.htm
index 60dd682808..92f021e063 100644
--- a/libs/cbi/luasrc/view/cbi/lvalue.htm
+++ b/libs/cbi/luasrc/view/cbi/lvalue.htm
@@ -16,7 +16,7 @@ $Id$
<% if self.widget == "select" then %>
<select onchange="cbi_d_update(this.id)"<%= attr("id", cbid) .. attr("name", cbid) .. ifattr(self.size, "size") %>>
<% for i, key in pairs(self.keylist) do -%>
- <option id="cbi-<%=self.config.."-"..section.."-"..self.option.."-"..key%>"<%= attr("value", key) .. ifattr(self:cfgvalue(section) == key, "selected", "selected") %>><%=luci.util.pcdata(self.vallist[i])%></option>
+ <option id="cbi-<%=self.config.."-"..section.."-"..self.option.."-"..key%>"<%= attr("value", key) .. ifattr(self:cfgvalue(section) == key, "selected", "selected") %>><%=striptags(self.vallist[i])%></option>
<%- end %>
</select>
<% elseif self.widget == "radio" then
diff --git a/libs/cbi/luasrc/view/cbi/mvalue.htm b/libs/cbi/luasrc/view/cbi/mvalue.htm
index f53660824d..4b69708ecd 100644
--- a/libs/cbi/luasrc/view/cbi/mvalue.htm
+++ b/libs/cbi/luasrc/view/cbi/mvalue.htm
@@ -19,7 +19,7 @@ local v = self:valuelist(section)
<% if self.widget == "select" then %>
<select multiple="multiple"<%= attr("name", cbid) .. ifattr(self.size, "size") %>>
<% for i, key in pairs(self.keylist) do -%>
- <option<%= attr("value", key) .. ifattr(luci.util.contains(v, key), "selected", "selected") %>><%=self.vallist[i]%></option>
+ <option<%= attr("value", key) .. ifattr(luci.util.contains(v, key), "selected", "selected") %>><%=striptags(self.vallist[i])%></option>
<%- end %>
</select>
<% elseif self.widget == "checkbox" then
diff --git a/libs/cbi/luasrc/view/cbi/ucisection.htm b/libs/cbi/luasrc/view/cbi/ucisection.htm
index f8cf3d1bc0..1d318f7915 100644
--- a/libs/cbi/luasrc/view/cbi/ucisection.htm
+++ b/libs/cbi/luasrc/view/cbi/ucisection.htm
@@ -23,7 +23,7 @@ $Id$
<select name="cbi.opt.<%=self.config%>.<%=section%>">
<option><%:cbi_addopt%></option>
<% for key, val in pairs(self.optionals[section]) do -%>
- <option id="cbi-<%=self.config.."-"..section.."-"..val.option%>" value="<%=val.option%>"><%=val.title%></option>
+ <option id="cbi-<%=self.config.."-"..section.."-"..val.option%>" value="<%=val.option%>"><%=striptags(val.title)%></option>
<%- end %>
</select>
<script type="text/javascript"><% for key, val in pairs(self.optionals[section]) do %>