openwrt/luci
1
0
Fork 0
mirror of https://github.com/openwrt/luci.git synced 2026-04-15 19:01:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,944 Commits 17 Branches 13 Tags
068150ba5f524ef6b03817b258d31ec310053fd6
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Christian Marangi 068150ba5f luci-mod-network: escape WiFi SSID on Scanning AP modal 
After the ES2016 rework, a very old bug was reverted where the WiFi SSID was
treated as raw HTML and directly appended to DOM.

This might result in XSS vulnerability with specially crafted SSID from the
Access Point around.

This is only triggered on opening the modal as the normal wireless.js view
doesn't scan the Access Point.

To fix this and make it more clear that SSID must be always escaped, move the
SSID handling to a dedicated variable and use the document.createTextNode()
to escape it similar to how it's done in similar place like the
channel_analysis.js

Fixes: cdce600aae ("luci-mod-network: give wireless.js ES2016 treatment and refactor")
Reported-by: Sasha Romijn <sct@mxsasha.eu>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2026-03-13 19:15:53 +01:00
.github
github: re-work github pages deploy
2026-02-16 03:22:54 +01:00
applications
luci-app-unbound: additional fixes
2026-03-13 13:53:34 +01:00
build
build: do not run ./build/mkbasepot.sh twice
2026-02-03 08:49:03 +01:00
collections
luci-layer2: create a minimal collection for layer-2 devices
2026-03-04 20:34:46 +01:00
contrib/package
lucihttp: adjust to cmake 4.x compatibility
2025-10-07 18:56:21 +03:00
doc_gen
docs: favicon and hierarchy
2026-02-22 16:51:25 +01:00
docs
docs: favicon and hierarchy
2026-02-22 16:51:25 +01:00
libs
luci-lib-chartjs: js linting fixes
2026-02-17 00:26:47 +01:00
modules
luci-mod-network: escape WiFi SSID on Scanning AP modal
2026-03-13 19:15:53 +01:00
protocols
luci-proto-openvpn: fix permissions and write promise
2026-03-12 17:46:33 +01:00
themes
luci-theme: remove LuCI from title, material changes
2026-03-02 19:14:01 +01:00
.gitignore
docs: refresh for JS and drop Lua references
2026-02-16 01:06:46 +01:00
CONTRIBUTING.md
treewide: Add a link to Weblate
2024-12-24 17:02:14 +00:00
eslint.config.mjs
github: add linting for JS and MD
2026-02-16 01:42:55 +01:00
jsdoc.conf.json
docs: favicon and hierarchy
2026-02-22 16:51:25 +01:00
LICENSE
luci.mk
luci.mk: add support for DEFAULT option
2026-02-08 22:41:34 +01:00
NOTICE
luci-lib-nixio: remove unmaintained axTLS lib
2025-09-25 14:55:12 +02:00
package.json
lint: bump package dependencies for node
2026-03-10 19:28:46 +01:00
README.md
docs: refresh for JS and drop Lua references
2026-02-16 01:06:46 +01:00

README.md

OpenWrt luci feed

Translation status

Description

This is the OpenWrt "luci"-feed containing LuCI - OpenWrt Configuration Interface.

Usage

This feed is enabled by default. Your feeds.conf.default (or feeds.conf) should contain a line like:

src-git luci https://github.com/openwrt/luci.git

To install all its package definitions, run:

./scripts/feeds update luci
./scripts/feeds install -a -p luci

API Reference

You can browse the generated API documentation directly on Github.

Use ucode and rpcd for server side operations.

Development

Documentation for developing and extending LuCI can be found in the Wiki

License

See LICENSE file.

Package Guidelines

See CONTRIBUTING.md file.

Translation status

Use Weblate instead of direct editing of the *.po files.

Translation status

Reference in New Issue View Git Blame Copy Permalink
Description
LuCI - OpenWrt Configuration Interface
Readme Apache-2.0 538 MiB
Languages
JavaScript 65.1%
C 17.3%
Lua 6.6%
CSS 3.7%
UnrealScript 3%
Other 4.2%