openwrt-mirror/luci
1
0
Fork 0
mirror of https://github.com/openwrt/luci.git synced 2025-12-21 17:04:35 +04:00
Code Issues Packages Projects Releases Wiki Activity

luci-mod-system: sshkeys.js: prevent XSS through pubkey comments

Browse Source 
Ensure to not display public key comments verbatim in order to prevent
injection of markup.

Reported-by: Eric McDonald <ericmcdonald@protonmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 944b55738e)
This commit is contained in:
Jo-Philipp Wich
2022-09-21 14:47:41 +02:00
parent 712bc8e52d
commit f25285a6c2
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/luci-mod-system/htdocs/luci-static/resources/view/system/sshkeys.js
View File

@@ -109,7 +109,7 @@ function renderKeyItem(pubkey) {
click: removeKey, click: removeKey,
'data-key': pubkey.src 'data-key': pubkey.src
}, [ }, [
E('strong', pubkey.comment || _('Unnamed key')), E('br'), E('strong', [ pubkey.comment || _('Unnamed key') ]), E('br'),
E('small', [ E('small', [
'%s, %s'.format(pubkey.type, pubkey.curve || _('%d Bit').format(pubkey.bits)), '%s, %s'.format(pubkey.type, pubkey.curve || _('%d Bit').format(pubkey.bits)),
pubkey.options ? E([], [ pubkey.options ? E([], [