diff --git a/www/nginx/src/opnsense/mvc/app/views/OPNsense/Nginx/index.volt b/www/nginx/src/opnsense/mvc/app/views/OPNsense/Nginx/index.volt
index 0041318c83..5c715e748c 100644
--- a/www/nginx/src/opnsense/mvc/app/views/OPNsense/Nginx/index.volt
+++ b/www/nginx/src/opnsense/mvc/app/views/OPNsense/Nginx/index.volt
@@ -64,12 +64,15 @@
$("#nginx_conf tbody").empty().append('
{{ lang._("Waiting for response..") }} |
');
$("#config_help_text").hide();
+ // clear existing config in memory (if any)
+ ngnx_config = [];
ajaxCall(url="/api/nginx/settings/showconfig/", sendData={}, callback=function(data,status) {
if (data['time'] && data['config']) {
let L = 0;
let content = [];
$.each(data['config'], function(index, line) {
- ngnx_config.push($('').html(line).text());
+ // use lodash unescape to safely decode html chars in line and store for clipboard copy
+ ngnx_config.push(_.unescape(line));
L = line.indexOf('# configuration file ') > -1 ? 0 : L + 1;
// line received HTML-encoded. Should be XSS-safe if not decoded before inserting to DOM
content.push('' + L.toString() + ' | ' + line + ' |
');