Skip to content
Permalink
Browse files Browse the repository at this point in the history
luci-app-openvpn: fix potential XSS in pageswitch template
Ensure to escape URL instance parameter displayed in the heading.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 25983b9)
  • Loading branch information
jow- committed Jan 13, 2023
1 parent aa7938d commit 749268a
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -9,7 +9,7 @@
<div class="cbi-section">
<h3>
<a href="<%=url('admin/vpn/openvpn')%>"><%:Overview%></a> &#187;
<%=luci.i18n.translatef("Instance \"%s\"", self.instance)%>
<%=luci.i18n.translatef("Instance \"%s\"", pcdata(self.instance))%>
</h3>
<% if self.mode == "basic" then %>
<a href="<%=url('admin/vpn/openvpn/advanced', self.instance)%>"><%:Switch to advanced configuration%> &#187;</a><p/>
Expand Down

0 comments on commit 749268a

Please sign in to comment.