luci-app-firewall: fix stored XSS in rule-details.lua
author Jo-Philipp Wich <jo@mein.io>
Fri, 15 Nov 2019 18:05:05 +0000 (19:05 +0100)
committer Jo-Philipp Wich <jo@mein.io>
Fri, 15 Nov 2019 18:05:05 +0000 (19:05 +0100)
A previous fix to this file failed to address a second instance of the
same issue.

Fixes: c048f23ba ("luci-app-firewall: fix stored XSS in rule- and forward detail pages")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua

index 48329c8b219b92e4889c081430055fda006b87f1..df66771299b82b83ba89500e425c5c202fe81f8e 100644 (file)
@@ -190,7 +190,7 @@ else
                name = translate("(Unnamed Rule)")
        end
 
-       m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), name }
+       m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), luci.util.pcdata(name) }
 
 
        s = m:section(NamedSection, arg[1], "rule", "")
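Review bot: The escape is applied only at this one sink, the changed `m.title = ...` line, while `name` itself stays unescaped. That is the same per-sink pattern that let this second instance slip past the earlier fix named in the commit message. Before merging, check the rest of rule-details.lua for any other place where `name` is interpolated into a title or description string. Alternatively, consider escaping once where `name` is first set (above this hunk, not visible here), so that later uses cannot be missed, provided none of those uses escapes the value again. The fallback `translate("(Unnamed Rule)")` passes through `luci.util.pcdata` unchanged, so the else branch in the context lines needs no special handling.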