From 0186d7eae0e123a409e9919a83fdfecc7945c984 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Fri, 13 Jan 2023 20:52:17 +0100 Subject: luci-mod-system: fix potential stored XSS Make sure to escape the key contents in the delete confirmation dialog. Signed-off-by: Jo-Philipp Wich --- .../luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/luci-mod-system/htdocs') diff --git a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js index df3e354e37..a1748ad990 100644 --- a/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js +++ b/modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js @@ -204,7 +204,7 @@ function removeKey(ev) { L.showModal(_('Delete key'), [ E('div', _('Do you really want to delete the following SSH key?')), - E('pre', delkey), + E('pre', [ delkey ]), E('div', { class: 'right' }, [ E('div', { class: 'btn', click: L.hideModal }, _('Cancel')), ' ', -- cgit v1.2.3