Escape single quotes in htmlEntities() #1413

Merged: 1 commit, May 8, 2022

@abryant abryant commented May 7, 2022

This should allow SSIDs that contain single quotes to populate data-ssid correctly. Without this patch, clicking on an SSID containing a single quote will either:

  • Not use the whole SSID, in cases where there's text before the quote:
    foo'bar will appear in the SSID box as just foo
  • Fall back to innerText, in cases where the quote is the first character in the SSID:
    '); DROP TABLE WIFI; -- will appear in the SSID box as a version that has spaces converted to non-breaking spaces, causing the connection to eventually fail with WL_NO_SSID_AVAIL.

Fixes #1412

@tablatronix tablatronix added the bug Validated BUG label May 8, 2022
@tablatronix tablatronix merged commit 86e413d into tzapu:master May 8, 2022
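
The truncation described in this pull request, reproduced as an added example (not the project's code or the patch itself). It assumes the SSID is written into a single-quoted `data-ssid` attribute and that the quote is escaped as `&#39;`; the function names and markup are hypothetical.

```cpp
#include <iostream>
#include <string>

// Escape text for HTML; escape_quote switches single-quote handling so the
// output before and after the fix can be compared.
std::string escape_html(const std::string& in, bool escape_quote) {
    std::string out;
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;"; break;
            case '<':  out += "&lt;";  break;
            case '>':  out += "&gt;";  break;
            case '\'': out += escape_quote ? "&#39;" : "'"; break;
            default:   out += c;
        }
    }
    return out;
}

// Hypothetical markup (assumed): SSID carried in a single-quoted attribute.
std::string render_item(const std::string& ssid, bool escape_quote) {
    std::string e = escape_html(ssid, escape_quote);
    return "<a href='#' data-ssid='" + e + "'>" + e + "</a>";
}

// Read data-ssid as an HTML parser would: the value ends at the next single
// quote, and only then are character references decoded.
std::string read_data_ssid(const std::string& html) {
    const std::string key = "data-ssid='";
    std::size_t start = html.find(key);
    if (start == std::string::npos) return "";
    start += key.size();
    std::size_t end = html.find('\'', start);
    if (end == std::string::npos) return "";
    std::string raw = html.substr(start, end - start), out;
    const char* refs[][2] = {{"&amp;", "&"}, {"&lt;", "<"}, {"&gt;", ">"}, {"&#39;", "'"}};
    for (std::size_t i = 0; i < raw.size();) {
        bool hit = false;
        for (auto& r : refs) {
            std::string ent = r[0];
            if (raw.compare(i, ent.size(), ent) != 0) continue;
            out += r[1]; i += ent.size(); hit = true; break;
        }
        if (!hit) out += raw[i++];
    }
    return out;
}

int main() {  // sample SSIDs are the two quoted in the PR description
    for (std::string s : {"foo'bar", "'); DROP TABLE WIFI; --"})
        std::cout << read_data_ssid(render_item(s, false)) << " | " << read_data_ssid(render_item(s, true)) << "\n";
}
```

Unescaped, the first SSID reads back as `foo` and the second as an empty attribute value, which matches the two failure cases in the description; escaped, both round-trip unchanged.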
Successfully merging this pull request may close these issues.

Single quotes in scanned SSIDs do not correctly populate the SSID box when clicked