Some more escaping

diff --git a/libs/cbi/luasrc/view/cbi/dvalue.htm b/libs/cbi/luasrc/view/cbi/dvalue.htm
index 7d22fe0d9d21b7060b142ba2aed1b228bc51137e..bdcbd317ec16335c50e7042205d3369f7fd12ba3 100644 (file)
--- a/libs/cbi/luasrc/view/cbi/dvalue.htm
+++ b/libs/cbi/luasrc/view/cbi/dvalue.htm
@@ -16,12 +16,12 @@ $Id$
 <%+cbi/valueheader%>
 <% if self.value then
        if type(self.value) == "function" then %>
-       <%=self:value(section)%>
+       <%=luci.util.pcdata(self:value(section))%>
 <% else %>
-       <%=self.value%>
+       <%=luci.util.pcdata(self.value)%>
 <%     end
 else %>
-       <%=self:cfgvalue(section)%>
+       <%=luci.util.pcdata(self:cfgvalue(section))%>
 <% end %>
 &nbsp;
 <%+cbi/valuefooter%>

diff --git a/libs/cbi/luasrc/view/cbi/lvalue.htm b/libs/cbi/luasrc/view/cbi/lvalue.htm
index cb41f53d1325d3387faf505b260c064ec1a5cf63..5108e85c48da0b9584a2ba839d5df4c65cf1a770 100644 (file)
--- a/libs/cbi/luasrc/view/cbi/lvalue.htm
+++ b/libs/cbi/luasrc/view/cbi/lvalue.htm
@@ -16,7 +16,7 @@ $Id$
 <% if self.widget == "select" then %>
        <select onchange="cbi_d_update(this.id)"<%= attr("id", cbid) .. attr("name", cbid) .. ifattr(self.size, "size") %>>
        <% for i, key in pairs(self.keylist) do -%>
-               <option<%= attr("value", key) .. ifattr(self:cfgvalue(section) == key, "selected", "selected") %>><%=self.vallist[i]%></option>
+               <option<%= attr("value", key) .. ifattr(self:cfgvalue(section) == key, "selected", "selected") %>><%=luci.util.pcdata(self.vallist[i])%></option>
        <%- end %>
        </select>
 <% elseif self.widget == "radio" then