Commit bd51937a authored by Ad Schellevis's avatar Ad Schellevis

(ui) html decode ui output (no execute) when fetching form data, closes...

(ui) html decode ui output (no execute) when fetching form data, closes https://github.com/opnsense/core/issues/898
parent da71e1a0
...@@ -30,6 +30,16 @@ ...@@ -30,6 +30,16 @@
* *
*/ */
/**
* html decode text into textarea tag and return decoded value.
*
* @param value encoded text
* @return string decoded text
*/
function htmlDecode(value) {
return $("<textarea/>").html(value).text();
}
/** /**
* *
* Map input fields from given parent tag to structure of named arrays. * Map input fields from given parent tag to structure of named arrays.
...@@ -130,11 +140,11 @@ function setFormData(parent,data) { ...@@ -130,11 +140,11 @@ function setFormData(parent,data) {
} else if (targetNode.is("span")) { } else if (targetNode.is("span")) {
if (node[keypart] != null) { if (node[keypart] != null) {
targetNode.text(""); targetNode.text("");
targetNode.append($.parseHTML(String(node[keypart]))); targetNode.append(htmlDecode(node[keypart]));
} }
} else { } else {
// regular input type // regular input type
targetNode.val(node[keypart]); targetNode.val(htmlDecode(node[keypart]));
} }
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment