Commit 82083cc5 authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(ui) html decode ui output (no execute) when fetching form data, closes...

(ui) html decode ui output (no execute) when fetching form data, closes https://github.com/opnsense/core/issues/898

(cherry picked from commit bd51937a)
parent 0bc88cc8
...@@ -30,6 +30,16 @@ ...@@ -30,6 +30,16 @@
* *
*/ */
/**
* html decode text into textarea tag and return decoded value.
*
* @param value encoded text
* @return string decoded text
*/
function htmlDecode(value) {
return $("<textarea/>").html(value).text();
}
/** /**
* *
* Map input fields from given parent tag to structure of named arrays. * Map input fields from given parent tag to structure of named arrays.
...@@ -130,11 +140,11 @@ function setFormData(parent,data) { ...@@ -130,11 +140,11 @@ function setFormData(parent,data) {
} else if (targetNode.is("span")) { } else if (targetNode.is("span")) {
if (node[keypart] != null) { if (node[keypart] != null) {
targetNode.text(""); targetNode.text("");
targetNode.append($.parseHTML(String(node[keypart]))); targetNode.append(htmlDecode(node[keypart]));
} }
} else { } else {
// regular input type // regular input type
targetNode.val(node[keypart]); targetNode.val(htmlDecode(node[keypart]));
} }
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment