libs/cbi: properly escape values in dynlist widget (#79)

author Jo-Philipp Wich <jow@openwrt.org>

Thu, 13 Aug 2009 14:36:18 +0000 (14:36 +0000)

committer Jo-Philipp Wich <jow@openwrt.org>

Thu, 13 Aug 2009 14:36:18 +0000 (14:36 +0000)
author Jo-Philipp Wich <jow@openwrt.org>
Thu, 13 Aug 2009 14:36:18 +0000 (14:36 +0000)
committer Jo-Philipp Wich <jow@openwrt.org>
Thu, 13 Aug 2009 14:36:18 +0000 (14:36 +0000)
diff --git a/libs/cbi/luasrc/view/cbi/dynlist.htm b/libs/cbi/luasrc/view/cbi/dynlist.htm

index a23a4eb..1f3b901 100644 (file)
--- a/libs/cbi/luasrc/view/cbi/dynlist.htm
+++ b/libs/cbi/luasrc/view/cbi/dynlist.htm
@@ -18,7 +18,7 @@ $Id$
         for i=1, #vals + 1 do
                 local val = vals[i]
  %>
-       <input class="cbi-input-text" value="<%=val%>" onchange="cbi_d_update(this.id)" type="text"<%= attr("id", cbid .. "." .. i) .. attr("name", cbid) .. ifattr(self.size, "size")%> />
+       <input class="cbi-input-text" value="<%=luci.util.pcdata(val)%>" onchange="cbi_d_update(this.id)" type="text"<%= attr("id", cbid .. "." .. i) .. attr("name", cbid) .. ifattr(self.size, "size")%> />
         <% if i <= #vals then %>
                 <input class="cbi-input-image" type="image" value="<%:cbi_del%>" name="cbi.rle.<%=section .. "." .. self.option .. "." .. i%>" alt="<%:cbi_del%>" title="<%:cbi_del%>" src="<%=resource%>/cbi/remove.gif" />
         <% else %>
author	Jo-Philipp Wich <jow@openwrt.org>
	Thu, 13 Aug 2009 14:36:18 +0000 (14:36 +0000)
committer	Jo-Philipp Wich <jow@openwrt.org>
	Thu, 13 Aug 2009 14:36:18 +0000 (14:36 +0000)