Skip to content

Commit 749268a

Browse files
committed
luci-app-openvpn: fix potential XSS in pageswitch template
Ensure to escape URL instance parameter displayed in the heading. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 25983b9)
1 parent aa7938d commit 749268a

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: applications/luci-app-openvpn/luasrc/view/openvpn/pageswitch.htm

+1-1
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
<div class="cbi-section">
1010
<h3>
1111
<a href="<%=url('admin/vpn/openvpn')%>"><%:Overview%></a> &#187;
12-
<%=luci.i18n.translatef("Instance \"%s\"", self.instance)%>
12+
<%=luci.i18n.translatef("Instance \"%s\"", pcdata(self.instance))%>
1313
</h3>
1414
<% if self.mode == "basic" then %>
1515
<a href="<%=url('admin/vpn/openvpn/advanced', self.instance)%>"><%:Switch to advanced configuration%> &#187;</a><p/>

0 commit comments

Comments
 (0)