openwrt-mirror/luci
1
0
Fork 0
mirror of https://github.com/openwrt/luci.git synced 2025-12-21 17:04:35 +04:00
Code Issues Packages Projects Releases Wiki Activity
17,615 Commits 17 Branches 13 Tags
ae8bbb814f16c2dc2a82e88d408bee1812ceda9c
Commit Graph

4 Commits

Author SHA1 Message Date
Mustafa Can Elmacı
ae8bbb814f treewide: HTML Cleanup 
* HTML Cleanup: Meta tags.
* Converted charset to shorthand.
* Removed meta tags with `Content-Script-Type` attribute. (Invalid in HTML5 spec.)

* HTML Cleanup: CSS tags.
* Removed `type` attribute with CSS files from link tags. (HTML5 spec recommends omitting it.)
* Removed `type` attribute from style tags. (Deprecated in HTML5 spec.)
https://html.spec.whatwg.org/#attr-link-type
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/style

* HTML Cleanup: Convert from XHTML to HTML5
* Removed XML declaration.
* Removed XML namespace.
* Changed doctype to HTML5.

* HTML Cleanup: CDATA tags.
* CDATA sections should not be used within HTML they are considered as comments and not displayed.
https://developer.mozilla.org/en-US/docs/Web/API/CDATASection

* HTML Cleanup: Script tags.
* Removed `language` attribute from script tags. (No longer valid in HTML5)
* Removed `type` attribute with JavaScript MIME type from script tags. (HTML5 spec recommends omitting it.)
https://html.spec.whatwg.org/multipage/scripting.html#attr-script-type
https://mimesniff.spec.whatwg.org/#javascript-mime-type

Signed-off-by: Mustafa Can Elmacı <mustafacan@elmaci.net>
 2024-11-22 22:39:46 +01:00
Jo-Philipp Wich
24d7da2416 luci-base: dispatcher.uc: prevent XSS through 404 error template 
Make sure to escape the user controlled URL passed as part of the error
message into the error404 template in order to avoid XSS.

Reported-by: 40826d <40826d@posteo.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2023-03-10 15:36:09 +01:00
Jo-Philipp Wich
d8e3b35c88 luci-base: fix passing dispatched node details to templates 
Fixes: #6111
Fixes: 08ae8d40a9 ("luci-base, luci-lua-runtime: fix "dispatched" and "requested" properties")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2022-11-22 17:31:37 +01:00
Jo-Philipp Wich
673f38246a treewide: separate Lua runtime resources 
Move classes required for Lua runtime support into a new `luci-lua-runtime`
package. Also replace the `luci.http` and `luci.util` classes in
`luci-lib-base` with stubbed versions interacting with the ucode based
runtime environment.

Finally merge `luci-base-ucode` into the remainders of `luci-base`.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
 2022-10-25 01:03:37 +02:00