From 934fa275b23f93ca6fe4eac5db6a6a6ee3f9581c Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Wed, 18 Sep 2019 13:51:16 +0200 Subject: luci-base: ensure that button labels are properly html escaped Fixes: #3067 Signed-off-by: Jo-Philipp Wich --- .../luci-base/htdocs/luci-static/resources/form.js | 24 ++++----- .../luci-base/htdocs/luci-static/resources/luci.js | 6 +-- .../luci-base/htdocs/luci-static/resources/ui.js | 62 +++++++++------------- 3 files changed, 38 insertions(+), 54 deletions(-) (limited to 'modules/luci-base/htdocs/luci-static/resources') diff --git a/modules/luci-base/htdocs/luci-static/resources/form.js b/modules/luci-base/htdocs/luci-static/resources/form.js index 0630ceec86..7dc63ceb5a 100644 --- a/modules/luci-base/htdocs/luci-static/resources/form.js +++ b/modules/luci-base/htdocs/luci-static/resources/form.js @@ -863,7 +863,7 @@ var CBITypedSection = CBIAbstractSection.extend({ 'class': 'cbi-button cbi-button-add', 'title': btn_title || _('Add'), 'click': L.ui.createHandlerFn(this, 'handleAdd') - }, btn_title || _('Add'))); + }, [ btn_title || _('Add') ])); } else { var nameEl = E('input', { @@ -925,7 +925,7 @@ var CBITypedSection = CBIAbstractSection.extend({ 'name': 'cbi.rts.%s.%s'.format(config_name, cfgsections[i]), 'data-section-id': cfgsections[i], 'click': L.ui.createHandlerFn(this, 'handleRemove', cfgsections[i]) - }, _('Delete')))); + }, [ _('Delete') ]))); } if (!this.anonymous) @@ -1146,25 +1146,21 @@ var CBITableSection = CBITypedSection.extend({ }, this, section_id); L.dom.append(tdEl.lastElementChild, - E('input', { - 'type': 'button', - 'value': _('Edit'), + E('button', { 'title': _('Edit'), 'class': 'cbi-button cbi-button-edit', 'click': evFn - }) + }, [ _('Edit') ]) ); } if (more_label) { L.dom.append(tdEl.lastElementChild, - E('input', { - 'type': 'button', - 'value': more_label, + E('button', { 'title': more_label, 'class': 'cbi-button cbi-button-edit', 'click': L.ui.createHandlerFn(this, 'renderMoreOptionsModal', section_id) - }) + }, [ more_label ]) ); } @@ -1338,11 +1334,11 @@ var CBITableSection = CBITypedSection.extend({ E('button', { 'class': 'btn', 'click': L.ui.createHandlerFn(this, 'handleModalCancel', m) - }, _('Dismiss')), ' ', + }, [ _('Dismiss') ]), ' ', E('button', { 'class': 'cbi-button cbi-button-positive important', 'click': L.ui.createHandlerFn(this, 'handleModalSave', m) - }, _('Save')) + }, [ _('Save') ]) ]) ], 'cbi-modal'); }, this)).catch(L.error); @@ -1487,7 +1483,7 @@ var CBINamedSection = CBIAbstractSection.extend({ E('button', { 'class': 'cbi-button', 'click': L.ui.createHandlerFn(this, 'handleRemove') - }, _('Delete')))); + }, [ _('Delete') ]))); } sectionEl.appendChild(E('div', { @@ -1502,7 +1498,7 @@ var CBINamedSection = CBIAbstractSection.extend({ E('button', { 'class': 'cbi-button cbi-button-add', 'click': L.ui.createHandlerFn(this, 'handleAdd') - }, _('Add'))); + }, [ _('Add') ])); } L.dom.bindClassInstance(sectionEl, this); diff --git a/modules/luci-base/htdocs/luci-static/resources/luci.js b/modules/luci-base/htdocs/luci-static/resources/luci.js index 0b7ec6ea86..af2b179ce3 100644 --- a/modules/luci-base/htdocs/luci-static/resources/luci.js +++ b/modules/luci-base/htdocs/luci-static/resources/luci.js @@ -1344,15 +1344,15 @@ this.handleSaveApply ? E('button', { 'class': 'cbi-button cbi-button-apply', 'click': L.ui.createHandlerFn(this, 'handleSaveApply') - }, _('Save & Apply')) : '', ' ', + }, [ _('Save & Apply') ]) : '', ' ', this.handleSave ? E('button', { 'class': 'cbi-button cbi-button-save', 'click': L.ui.createHandlerFn(this, 'handleSave') - }, _('Save')) : '', ' ', + }, [ _('Save') ]) : '', ' ', this.handleReset ? E('button', { 'class': 'cbi-button cbi-button-reset', 'click': L.ui.createHandlerFn(this, 'handleReset') - }, _('Reset')) : '' + }, [ _('Reset') ]) : '' ])); } diff --git a/modules/luci-base/htdocs/luci-static/resources/ui.js b/modules/luci-base/htdocs/luci-static/resources/ui.js index fed5dafa33..c0b57528fb 100644 --- a/modules/luci-base/htdocs/luci-static/resources/ui.js +++ b/modules/luci-base/htdocs/luci-static/resources/ui.js @@ -1508,7 +1508,7 @@ var UIFileUpload = UIElement.extend({ else if (this.value != null) label = [ this.iconForType('file'), ' %s (%s)'.format(this.truncatePath(this.value), _('File not accessible')) ]; else - label = _('Select file…'); + label = [ _('Select file…') ]; return this.bind(E('div', { 'id': this.options.id }, [ E('button', { @@ -1689,13 +1689,13 @@ var UIFileUpload = UIElement.extend({ ev.preventDefault(); ev.target.previousElementSibling.click(); } - }, _('Browse…')), + }, [ _('Browse…') ]), E('div', {}, E('input', { 'type': 'text', 'placeholder': _('Filename') })), E('button', { 'class': 'btn cbi-button-save', 'click': L.ui.createHandlerFn(this, 'handleUpload', path, list), 'disabled': true - }, _('Upload file')) + }, [ _('Upload file') ]) ]) ]); }, @@ -1746,11 +1746,11 @@ var UIFileUpload = UIElement.extend({ selected ? E('button', { 'class': 'btn', 'click': L.ui.createHandlerFn(this, 'handleReset') - }, _('Deselect')) : '', + }, [ _('Deselect') ]) : '', this.options.enable_remove ? E('button', { 'class': 'btn cbi-button-negative', 'click': L.ui.createHandlerFn(this, 'handleDelete', entrypath, list[i]) - }, _('Delete')) : '' + }, [ _('Delete') ]) : '' ]) ])); } @@ -1979,7 +1979,7 @@ return L.Class.extend({ } }, [ E('div', { 'style': 'flex:10' }), - E('div', { 'style': 'flex:1; display:flex' }, [ + E('div', { 'style': 'flex:1 1 auto; display:flex' }, [ E('button', { 'class': 'btn', 'style': 'margin-left:auto; margin-top:auto', @@ -1987,7 +1987,7 @@ return L.Class.extend({ L.dom.parent(ev.target, '.alert-message').classList.add('fade-out'); }, - }, _('Dismiss')) + }, [ _('Dismiss') ]) ]) ]); @@ -2303,24 +2303,18 @@ return L.Class.extend({ E('var', {}, E('del', ' ')), ' ', _('Option removed') ])]), E('br'), list, E('div', { 'class': 'right' }, [ - E('input', { - 'type': 'button', + E('button', { 'class': 'btn', - 'click': L.ui.hideModal, - 'value': _('Dismiss') - }), ' ', - E('input', { - 'type': 'button', + 'click': L.ui.hideModal + }, [ _('Dismiss') ]), ' ', + E('button', { 'class': 'cbi-button cbi-button-positive important', - 'click': L.bind(this.apply, this, true), - 'value': _('Save & Apply') - }), ' ', - E('input', { - 'type': 'button', + 'click': L.bind(this.apply, this, true) + }, [ _('Save & Apply') ]), ' ', + E('button', { 'class': 'cbi-button cbi-button-reset', - 'click': L.bind(this.revert, this), - 'value': _('Revert') - })])]) + 'click': L.bind(this.revert, this) + }, [ _('Revert') ])])]) ]); for (var config in this.changes) { @@ -2396,24 +2390,18 @@ return L.Class.extend({ E('h4', _('Configuration has been rolled back!')), E('p', _('The device could not be reached within %d seconds after applying the pending changes, which caused the configuration to be rolled back for safety reasons. If you believe that the configuration changes are correct nonetheless, perform an unchecked configuration apply. Alternatively, you can dismiss this warning and edit changes before attempting to apply again, or revert all pending changes to keep the currently working configuration state.').format(L.env.apply_rollback)), E('div', { 'class': 'right' }, [ - E('input', { - 'type': 'button', + E('button', { 'class': 'btn', - 'click': L.bind(L.ui.changes.displayStatus, L.ui.changes, false), - 'value': _('Dismiss') - }), ' ', - E('input', { - 'type': 'button', + 'click': L.bind(L.ui.changes.displayStatus, L.ui.changes, false) + }, [ _('Dismiss') ]), ' ', + E('button', { 'class': 'btn cbi-button-action important', - 'click': L.bind(L.ui.changes.revert, L.ui.changes), - 'value': _('Revert changes') - }), ' ', - E('input', { - 'type': 'button', + 'click': L.bind(L.ui.changes.revert, L.ui.changes) + }, [ _('Revert changes') ]), ' ', + E('button', { 'class': 'btn cbi-button-negative important', - 'click': L.bind(L.ui.changes.apply, L.ui.changes, false), - 'value': _('Apply unchecked') - }) + 'click': L.bind(L.ui.changes.apply, L.ui.changes, false) + }, [ _('Apply unchecked') ]) ]) ]); -- cgit v1.2.3