From eda8f02dac3caa4d0f52cd1e860d7a392c295df3 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Tue, 12 Feb 2019 08:32:02 +0100
Subject: treewide: avoid double-escaping CBI section labels

Since the section labels are already HTML-escaped implicitely by the
striptags() function, we must not escape them again in attr() or
ifattr().

Fixes: #2524
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 applications/luci-app-adblock/luasrc/view/adblock/blocklist.htm | 2 +-
 applications/luci-app-banip/luasrc/view/banip/sourcelist.htm    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'applications')

diff --git a/applications/luci-app-adblock/luasrc/view/adblock/blocklist.htm b/applications/luci-app-adblock/luasrc/view/adblock/blocklist.htm
index e145a3b4ef..c90afe7687 100644
--- a/applications/luci-app-adblock/luasrc/view/adblock/blocklist.htm
+++ b/applications/luci-app-adblock/luasrc/view/adblock/blocklist.htm
@@ -27,7 +27,7 @@ local anonclass  = (not self.anonymous or self.sectiontitle) and "named" or "ano
 				for i, k in ipairs(self:cfgsections()) do
 					section = k
 					local sectionname  = striptags((type(self.sectiontitle) == "function") and self:sectiontitle(section) or k)
-					local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname)
+					local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname, true)
 					isempty = false
 					scope = { valueheader = "cbi/cell_valueheader", valuefooter = "cbi/cell_valuefooter" }
 			-%>
diff --git a/applications/luci-app-banip/luasrc/view/banip/sourcelist.htm b/applications/luci-app-banip/luasrc/view/banip/sourcelist.htm
index 743886f884..12240e5ae4 100644
--- a/applications/luci-app-banip/luasrc/view/banip/sourcelist.htm
+++ b/applications/luci-app-banip/luasrc/view/banip/sourcelist.htm
@@ -27,7 +27,7 @@ local anonclass  = (not self.anonymous or self.sectiontitle) and "named" or "ano
 				for i, k in ipairs(self:cfgsections()) do
 					section = k
 					local sectionname  = striptags((type(self.sectiontitle) == "function") and self:sectiontitle(section) or k)
-					local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname)
+					local sectiontitle = ifattr(sectionname and (not self.anonymous or self.sectiontitle), "data-title", sectionname, true)
 					isempty = false
 					scope = { valueheader = "cbi/cell_valueheader", valuefooter = "cbi/cell_valuefooter" }
 			-%>
-- 
cgit v1.2.3