summaryrefslogtreecommitdiffhomepage
path: root/modules
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2019-09-23 11:44:18 +0200
committerJo-Philipp Wich <jo@mein.io>2019-09-23 11:44:18 +0200
commitf3ff641d8e4e5127db7fc7738187edb4aa88d18b (patch)
treea4ca109bbee39d894894b0ffdb6674be7e2b2dee /modules
parentcf239f9e1086efea592d5413e3c7f16a3ff06703 (diff)
luci-mod-system: ensure that textarea contents are properly escaped
Fixes: #3090 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules')
-rw-r--r--modules/luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js2
-rw-r--r--modules/luci-mod-system/htdocs/luci-static/resources/view/system/startup.js2
2 files changed, 2 insertions, 2 deletions
diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js
index 286155790..512f601eb 100644
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js
@@ -40,7 +40,7 @@ return L.view.extend({
E('p', {},
_('This is the system crontab in which scheduled tasks can be defined.') +
_('<br/>Note: you need to manually restart the cron service if the crontab file was empty before editing.')),
- E('p', {}, E('textarea', { 'style': 'width:100%', 'rows': 10 }, crontab != null ? crontab : ''))
+ E('p', {}, E('textarea', { 'style': 'width:100%', 'rows': 10 }, [ crontab != null ? crontab : '' ]))
]);
},
diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/startup.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/startup.js
index 365e6c8ed..ba5bb3506 100644
--- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/startup.js
+++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/startup.js
@@ -125,7 +125,7 @@ return L.view.extend({
]),
E('div', { 'data-tab': 'rc', 'data-tab-title': _('Local Startup') }, [
E('p', {}, _('This is the content of /etc/rc.local. Insert your own commands here (in front of \'exit 0\') to execute them at the end of the boot process.')),
- E('p', {}, E('textarea', { 'style': 'width:100%', 'rows': 20 }, rcLocal != null ? rcLocal : '')),
+ E('p', {}, E('textarea', { 'style': 'width:100%', 'rows': 20 }, [ (rcLocal != null ? rcLocal : '') ]),
E('div', { 'class': 'cbi-page-actions' }, [
E('button', {
'class': 'btn cbi-button-save',