luci-lilb-nixio: Code quality fixes

future variants could use en/decodeURIComponent ordering is important when handling "&" Signed-off-by: Paul Donald <newtwen@gmail.com>
author: Paul Donald <newtwen@gmail.com> 2024-01-31 02:25:33 +0100
committer: Paul Donald <newtwen@gmail.com> 2024-01-31 02:55:05 +0100
commit: d46da53bcd1f822d5b11772fc85b475b9d9174ff (patch)
tree: 67ea74429b460434f3e45125637e0e2880b82d12 /libs/luci-lib-nixio
parent: 74b89027d35a1d4024900451936747c45705f4fb (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libs/luci-lib-nixio/axTLS/www/index.html b/libs/luci-lib-nixio/axTLS/www/index.html
index 25cd2e69b1..9896cd8a54 100755
--- a/libs/luci-lib-nixio/axTLS/www/index.html
+++ b/libs/luci-lib-nixio/axTLS/www/index.html
@@ -5943,10 +5943,10 @@ String.prototype.htmlEncode = function()
 	return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
 }
 
-// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
+// Convert "&lt;" to <, "&gt;" to >, "&quot;" to " and "&amp;" to & (& handled last for security reasons)
 String.prototype.htmlDecode = function()
 {
-	return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
+	return(this.replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\"").replace(/&amp;/mg,"&"));
 }
 
 // Parse a space-separated string of name:value parameters where:
author	Paul Donald <newtwen@gmail.com>	2024-01-31 02:25:33 +0100
committer	Paul Donald <newtwen@gmail.com>	2024-01-31 02:55:05 +0100
commit	d46da53bcd1f822d5b11772fc85b475b9d9174ff (patch)
tree	67ea74429b460434f3e45125637e0e2880b82d12 /libs/luci-lib-nixio
parent	74b89027d35a1d4024900451936747c45705f4fb (diff)