diff options
| author | Jo-Philipp Wich <jo@mein.io> | 2020-03-15 17:48:40 +0100 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2020-03-15 17:48:40 +0100 |
| commit | 5d7dc391d4af4ad5dd6d7e1f6ef9891aa21fd220 (patch) | |
| tree | 8b9716d43e0aa4b59cde300686db8b5b3e60ec04 /themes | |
| parent | 03af89a24b52c152a97b4624098a64b597327b87 (diff) | |
themes: ensure that data-page attribute is escaped
Fixes: #3757
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'themes')
3 files changed, 3 insertions, 3 deletions
diff --git a/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm b/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm index 56a1b230e..b9e1fbcdb 100644 --- a/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm +++ b/themes/luci-theme-bootstrap/luasrc/view/themes/bootstrap/header.htm @@ -40,7 +40,7 @@ <% include("themes/bootstrap/json-menu") %> </head> - <body class="lang_<%=luci.i18n.context.lang%> <% if node then %><%= striptags( node.title ) %><%- end %>" data-page="<%= table.concat(disp.context.requestpath, "-") %>"> + <body class="lang_<%=luci.i18n.context.lang%> <% if node then %><%= striptags( node.title ) %><%- end %>" data-page="<%= pcdata(table.concat(disp.context.requestpath, "-")) %>"> <header> <div class="fill"> <div class="container"> diff --git a/themes/luci-theme-material/luasrc/view/themes/material/header.htm b/themes/luci-theme-material/luasrc/view/themes/material/header.htm index 7541d048c..124314039 100644 --- a/themes/luci-theme-material/luasrc/view/themes/material/header.htm +++ b/themes/luci-theme-material/luasrc/view/themes/material/header.htm @@ -184,7 +184,7 @@ })(); //]]></script> </head> -<body class="lang_<%=luci.i18n.context.lang%> <% if node then %><%= striptags( node.title ) %><% end %> <% if luci.dispatcher.context.authsession then %>logged-in<% end %>" data-page="<%= table.concat(disp.context.requestpath, "-") %>"> +<body class="lang_<%=luci.i18n.context.lang%> <% if node then %><%= striptags( node.title ) %><% end %> <% if luci.dispatcher.context.authsession then %>logged-in<% end %>" data-page="<%= pcdata(table.concat(disp.context.requestpath, "-")) %>"> <header> <div class="fill"> <div class="container"> diff --git a/themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm b/themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm index a5e64cac5..f691e7066 100644 --- a/themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm +++ b/themes/luci-theme-openwrt/luasrc/view/themes/openwrt.org/header.htm @@ -188,7 +188,7 @@ //]]></script> <title><%=striptags( (boardinfo.hostname or "?") .. ( (node and node.title) and ' - ' .. translate(node.title) or '')) %> - LuCI</title> </head> -<body class="lang_<%=luci.i18n.context.lang%>" data-page="<%= table.concat(disp.context.requestpath, "-") %>"> +<body class="lang_<%=luci.i18n.context.lang%>" data-page="<%= pcdata(table.concat(disp.context.requestpath, "-")) %>"> <p class="skiplink"> <span id="skiplink1"><a href="#navigation"><%:Skip to navigation%></a></span> |