From f3ff641d8e4e5127db7fc7738187edb4aa88d18b Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Mon, 23 Sep 2019 11:44:18 +0200 Subject: luci-mod-system: ensure that textarea contents are properly escaped Fixes: #3090 Signed-off-by: Jo-Philipp Wich --- .../luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js | 2 +- .../luci-mod-system/htdocs/luci-static/resources/view/system/startup.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/luci-mod-system/htdocs/luci-static') diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js index 286155790a..512f601eb6 100644 --- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js +++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/crontab.js @@ -40,7 +40,7 @@ return L.view.extend({ E('p', {}, _('This is the system crontab in which scheduled tasks can be defined.') + _('
Note: you need to manually restart the cron service if the crontab file was empty before editing.')), - E('p', {}, E('textarea', { 'style': 'width:100%', 'rows': 10 }, crontab != null ? crontab : '')) + E('p', {}, E('textarea', { 'style': 'width:100%', 'rows': 10 }, [ crontab != null ? crontab : '' ])) ]); }, diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/startup.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/startup.js index 365e6c8ed8..ba5bb35061 100644 --- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/startup.js +++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/startup.js @@ -125,7 +125,7 @@ return L.view.extend({ ]), E('div', { 'data-tab': 'rc', 'data-tab-title': _('Local Startup') }, [ E('p', {}, _('This is the content of /etc/rc.local. Insert your own commands here (in front of \'exit 0\') to execute them at the end of the boot process.')), - E('p', {}, E('textarea', { 'style': 'width:100%', 'rows': 20 }, rcLocal != null ? rcLocal : '')), + E('p', {}, E('textarea', { 'style': 'width:100%', 'rows': 20 }, [ (rcLocal != null ? rcLocal : '') ]), E('div', { 'class': 'cbi-page-actions' }, [ E('button', { 'class': 'btn cbi-button-save', -- cgit v1.2.3