mirror of
https://github.com/librenms/librenms.git
synced 2024-09-21 10:28:13 +00:00
Fix XSS in default example plugin (#15711)
* Fix XSS in default example plugin on* html fields are hard to escape properly, avoid putting user input there * Apply fixes from StyleCI --------- Co-authored-by: StyleCI Bot <bot@styleci.io>
This commit is contained in:
parent
166026d251
commit
ca891b477e
@ -18,7 +18,7 @@
|
||||
</td>
|
||||
<td>
|
||||
<input id="value-{{ $value }}" type="text" name="settings[{{ $name }}]" value="{{ $value }}">
|
||||
<button type="button" onclick="deleteSetting('{{ $name }}')" class="delete-button"><i class="fa fa-trash"></i></button>
|
||||
<button id="delete-{{ $name }}" type="button" onclick="deleteSetting(this.id)" class="delete-button"><i class="fa fa-trash"></i></button>
|
||||
</td>
|
||||
</tr>
|
||||
@empty
|
||||
@ -79,8 +79,8 @@
|
||||
document.getElementById('new-setting-value').value = '';
|
||||
}
|
||||
|
||||
function deleteSetting(name) {
|
||||
document.getElementById('settings-row-' + name).remove();
|
||||
function deleteSetting(nameId) {
|
||||
document.getElementById('settings-row-' + nameId.substring(7)).remove();
|
||||
}
|
||||
</script>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user