From 368fbd9e7d25166a5d6b6d0770792e140a8019be Mon Sep 17 00:00:00 2001
From: Tom Piccirello
Date: Thu, 20 Jun 2019 22:15:32 -0700
Subject: [PATCH] Fix encoding of special characters

Special characters would get html encoded (& -> &). This has been tested against several payloads (e.g. ) to ensure it's not vulnerable to XSS.
---
 src/webui/www/private/rename.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/webui/www/private/rename.html b/src/webui/www/private/rename.html
index ebc0ff618..bc507b06a 100644
--- a/src/webui/www/private/rename.html
+++ b/src/webui/www/private/rename.html
@@ -33,7 +33,7 @@
 var name = new URI().getData('name');
 // set text field to current value
 if (name)
- $('rename').value = escapeHtml(decodeURIComponent(name));
+ $('rename').value = decodeURIComponent(name);
 $('rename').focus();
 $('renameButton').addEvent('click', function(e) {
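Review bot: The new assignment `$('rename').value = decodeURIComponent(name);` is safe only because `.value` is a plain-text DOM property that is never parsed as HTML, and nothing on the line records that. A later maintainer could re-add the escaping or reuse the decoded string in an HTML sink, so I would add a comment above it such as `// .value is not an HTML sink, so no escaping here; escape before passing this string to innerHTML`. Separately, `decodeURIComponent` throws a URIError on a malformed percent sequence, which would stop the script before `$('rename').focus()` and the click handler registration run. Whether that can happen depends on how the caller encodes `name`, which is outside this hunk. The enclosing script block starts and ends outside the hunk.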