Release 2.2.0

CHANGELOG.md

@@ -4,10 +4,19 @@ All notable changes to this project will be documented in this file. Dates are d
 
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 
+#### [2.2.0](https://github.com/rdkcentral/webui/compare/2.1.0...2.2.0)
+
+- RDKB-61882: WebUI - HTML Injection in wifi_spectrum_analyzer.jst [`#101`](https://github.com/rdkcentral/webui/pull/101)
+- RDKB-56582 [Mesh_Disabled][2407] Auto channel selection option is missing in GUI [`#98`](https://github.com/rdkcentral/webui/pull/98)
+- Merge tag '2.1.0' into develop [`e922576`](https://github.com/rdkcentral/webui/commit/e922576f72ecb5c977d0f467fa96a521fafb4e10)
+
 #### [2.1.0](https://github.com/rdkcentral/webui/compare/2.0.1...2.1.0)
 
+> 4 February 2026
+
 - RDKB-62953: Primary channel ID is incorrect in GUI for OFDM [`#97`](https://github.com/rdkcentral/webui/pull/97)
 - XER10-2533 : Observed duplicates of login message in admin page [`#96`](https://github.com/rdkcentral/webui/pull/96)
+- Add changelog for release 2.1.0 [`7b6e5fc`](https://github.com/rdkcentral/webui/commit/7b6e5fcd285b28112deb3480f26209fbd2ae90bf)
 - Merge tag '2.0.1' into develop [`05ddeee`](https://github.com/rdkcentral/webui/commit/05ddeee491c1657175ebcba152bf4ab8734dd9ea)
 
 #### [2.0.1](https://github.com/rdkcentral/webui/compare/2.0.0...2.0.1)

source/Styles/xb3/jst/actionHandler/ajax_at_saving.jst

@@ -1,6 +1,6 @@
 <?%
 /*
  If not stated otherwise in this file or this component's Licenses.txt file the
  following copyright and licenses apply:
  Copyright 2016 RDK Management
  Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,6 +21,122 @@
 	echo( '<script type="text/javascript">alert("Please Login First!"); location.href="../index.jst";</script>');
 	exit(0);
 }
+
+function sanitize_html(input) {
+  // keepAttrs:       true  -> keep attributes for allowed tags (default)
+  // stripDangerous:  true -> remove on* handlers and javascript: urls
+  var KEEP_ATTRS      = true;
+  var STRIP_DANGEROUS = true;
+
+  var ALLOWED_TAGS = ["H2", "DIV", "TABLE", "TBODY", "TR", "TH", "TD"];
+
+  function isAllowed(tagName) {
+    for (var i = 0; i < ALLOWED_TAGS.length; i++) {
+      if (tagName === ALLOWED_TAGS[i]) return true;
+    }
+    return false;
+  }
+
+  // Optional lightweight attribute filter (only used if STRIP_DANGEROUS = true)
+  function filterAttributes(attrText) {
+    // Parse attributes in a conservative way: name[=value]
+    // Keeps spacing as minimal as possible when reconstructing.
+    var out = [];
+    var re = /([^\s=\/"'>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
+    var m;
+    while ((m = re.exec(attrText)) !== null) {
+      var name = (m[1] || '').toLowerCase();
+      var val  = (m[2] != null) ? m[2] : (m[3] != null ? m[3] : (m[4] != null ? m[4] : ''));
+
+      // Drop obvious dangerous attributes
+      if (name.indexOf('on') === 0) continue;       // onclick, onload, ...
+      if (name === 'style') continue;               // inline CSS often abused
+
+      // Disallow javascript: and data: in URLish attributes
+      if (name === 'href' || name === 'src' || name === 'xlink:href') {
+        var v = String(val).replace(/^\s+|\s+$/g, '').toLowerCase();
+        if (!v || v.indexOf('javascript:') === 0 || v.indexOf('data:') === 0) continue;
+      }
+
+      // Reconstruct attribute (quote with double-quotes)
+      if (val === '') out.push(name);
+      else out.push(name + '="' + val.replace(/"/g, '&quot;') + '"');
+    }
+    return out.length ? ' ' + out.join(' ') : '';
+  }
+
+  var result = "";
+  var i = 0;
+  var lowerInput = input.toLowerCase();
+
+  while (i < input.length) {
+    if (input[i] === '<') {
+      var start = i;
+      var end = input.indexOf('>', start);
+      if (end === -1) { 
+        // no closing '>' — append the rest and stop
+        result += input.slice(i);
+        break;
+      }
+
+      // Raw tag content between '<' and '>'
+      var raw = input.substring(start + 1, end);
+      var tagContent = raw.replace(/^\s+|\s+$/g, '');
+      var isClosing = tagContent.charAt(0) === '/';
+
+      // Separate tag name and attributes (for opening tags)
+      var namePart = isClosing ? tagContent.slice(1) : tagContent;
+      var spaceIdx = namePart.indexOf(' ');
+      var tagName = (spaceIdx === -1 ? namePart : namePart.slice(0, spaceIdx)).toUpperCase();
+      var attrsPart = (spaceIdx === -1 || isClosing) ? '' : namePart.slice(spaceIdx);
+
+      // Detect self-closing "/>" (rare for your table tags but harmless to support)
+      var selfClosing = /\/\s*$/.test(tagContent) && !isClosing;
+
+      if (isAllowed(tagName)) {
+        var tn = tagName.toLowerCase();
+        if (isClosing) {
+          result += "</" + tn + ">";
+        } else {
+          var attrsOut = '';
+          if (KEEP_ATTRS) {
+            attrsOut = STRIP_DANGEROUS ? filterAttributes(attrsPart) : (attrsPart || '');
+          }
+          // Normalize: ensure a leading space before attributes when present and not already spaced
+          if (attrsOut && !STRIP_DANGEROUS) {
+            // If original attrsPart doesn't start with space, add one
+            if (!/^\s/.test(attrsOut)) attrsOut = ' ' + attrsOut;
+          }
+          result += "<" + tn + (attrsOut || '') + (selfClosing ? "/>" : ">");
+        }
+        i = end + 1;
+        continue;
+      }
+
+      // Not allowed tag
+      if (!isClosing) {
+        // Strip the entire element including its content until the matching closing tag
+        // (simple depth-1 removal; good enough for this whitelist)
+        var closing = "</" + tagName.toLowerCase() + ">";
+        var nextClosing = lowerInput.indexOf(closing, end);
+        if (nextClosing !== -1) {
+          i = nextClosing + closing.length;
+          continue;
+        }
+      }
+
+      // For disallowed closing tags or unmatched structures, just skip the tag itself
+      i = end + 1;
+    } else {
+      result += input[i++];
+    }
+  }
+
+  return result;
+}
+
+$configInfo = sanitize_html($_POST['configInfo']);
+
 $myfile = fopen("/var/tmp/Wifi_Spectrum_Analyzer_Table.html", "w");
 fwrite($myfile, "<style>table th tr {}</style>");
 fwrite($myfile, "<style>");
@@ -29,7 +145,7 @@
 fwrite($myfile, "th { background: #39baf1; color: #fff; }");
 fwrite($myfile, "td { border: 1px solid white; }");
 fwrite($myfile, "</style>");
-fwrite($myfile, $_POST['configInfo']);
+fwrite($myfile, $configInfo);
 fclose($myfile);
 echo( htmlspecialchars(json_encode({"status": "success"}), ENT_NOQUOTES, 'UTF-8'));
 ?>

source/Styles/xb3/jst/wireless_network_configuration_edit.jst

@@ -918,12 +918,7 @@ function setResetInfo(info) {
 		</div>
 		<div class="form-row odd" id="div_channel_switch">
 			<label for="channel_automatic"  id="mocamess4">Channel Selection:</label>
-		<?%
-		$ModelName = getStr("Device.DeviceInfo.ModelName");
-		if(!('2.4'==$radio_band && $ModelName == "SR203")) {
-			echo(' <input type="radio"  name="channel" value="auto" id="channel_automatic" checked="checked"'+' /><b id="wiremess11">Automatic</b>');
-		}
-		?>
+			<input type="radio"  name="channel" value="auto" id="channel_automatic" checked="checked"'+' /><b id="wiremess11">Automatic</b>
 			<label for="channel_manual" class="acs-hide"></label>
 			<input type="radio"  name="channel" value="manual"  id="channel_manual"    <?% if ("false"==$channel_automatic) echo( 'checked="checked"');?> /><b id="wiremess10">Manual</b>
 		</div>

source/Styles/xb6/jst/wireless_network_configuration_edit.jst

@@ -1119,12 +1119,7 @@ function setResetInfo(info) {
 		</div>
 		<div class="form-row odd" id="div_channel_switch">
 			<label for="channel_automatic"  id="mocamess4">Channel Selection:</label>
-		<?%
-		$ModelName = getStr("Device.DeviceInfo.ModelName");
-		if(!('2.4'==$radio_band && $ModelName == "SR203")) {
-			echo(' <input type="radio"  name="channel" value="auto" id="channel_automatic" checked="checked"'+' /><b id="wiremess11">Automatic</b>');
-		}
-		?>
+			<input type="radio"  name="channel" value="auto" id="channel_automatic" checked="checked"'+' /><b id="wiremess11">Automatic</b>
 			<label for="channel_manual" class="acs-hide"></label>
 			<input type="radio"  name="channel" value="manual"  id="channel_manual"    <?% if ("false"==$channel_automatic) echo( 'checked="checked"');?> /><b id="wiremess10">Manual</b>
 		</div>

source/Styles/xb6/jst/wireless_network_configuration_edit_onewifi.jst

@@ -1222,12 +1222,7 @@ function setResetInfo(info) {
 		</div>
 		<div class="form-row odd" id="div_channel_switch">
 			<label for="channel_automatic"  id="mocamess4">Channel Selection:</label>
-		<?%
-		$ModelName = getStr("Device.DeviceInfo.ModelName");
-		if(!('2.4'==$radio_band && $ModelName == "SR203")) {
-			echo(' <input type="radio"  name="channel" value="auto" id="channel_automatic" checked="checked"'+' /><b id="wiremess11">Automatic</b>');
-		}
-		?>
+			<input type="radio"  name="channel" value="auto" id="channel_automatic" checked="checked"'+' /><b id="wiremess11">Automatic</b>
 			<label for="channel_manual" class="acs-hide"></label>
 			<input type="radio"  name="channel" value="manual"  id="channel_manual"    <?% if ("false"==$channel_automatic) echo( 'checked="checked"');?> /><b id="wiremess10">Manual</b>
 		</div>