starred/WiFiManager
1
0
Fork 0
mirror of https://github.com/tzapu/WiFiManager.git synced 2026-04-27 09:05:56 +03:00
Code Issues 656 Projects Releases 8 Packages Wiki Activity

[GH-ISSUE #1412] Single quotes in scanned SSIDs do not correctly populate the SSID box when clicked #1209

New issue
Closed
opened 2026-02-28 01:29:02 +03:00 by kerem · 0 comments
kerem commented 2026-02-28 01:29:02 +03:00
Owner
Copy link

Originally created by @abryant on GitHub (May 7, 2022).
Original GitHub issue: https://github.com/tzapu/WiFiManager/issues/1412

Basic Infos

Hardware

WiFimanager Branch/Release: master
Esp8266/Esp32: ESP32
Hardware: ESP32-WROVER-E
Core Version: 2.4.0

Description

My SSID is something like: '); DROP TABLE WIFI; -- (inspired by https://xkcd.com/327/)

This seems to be broken because the data-ssid attribute isn't templated correctly if the SSID contains a '. Chrome's inspector gives me this as the parsed element:

<a href="#p" onclick="c(this)" data-ssid="" );="" drop="" table="" wifi;="" --'="">');&nbsp;DROP&nbsp;TABLE&nbsp;WIFI;&nbsp;--</a>

Because the data-ssid attribute is empty, it falls back to using innerText, which has spaces replaced by &#160; so it doesn't connect (instead, it fails with WL_NO_SSID_AVAIL).

Originally created by @abryant on GitHub (May 7, 2022). Original GitHub issue: https://github.com/tzapu/WiFiManager/issues/1412 ### Basic Infos #### Hardware WiFimanager Branch/Release: master Esp8266/Esp32: ESP32 Hardware: ESP32-WROVER-E Core Version: 2.4.0 ### Description My SSID is something like: `'); DROP TABLE WIFI; --` (inspired by https://xkcd.com/327/) This seems to be broken because the `data-ssid` attribute isn't templated correctly if the SSID contains a `'`. Chrome's inspector gives me this as the parsed <a> element: ``` <a href="#p" onclick="c(this)" data-ssid="" );="" drop="" table="" wifi;="" --'="">');&nbsp;DROP&nbsp;TABLE&nbsp;WIFI;&nbsp;--</a> ``` Because the `data-ssid` attribute is empty, it falls back to using `innerText`, which has spaces replaced by `&#160;` so it doesn't connect (instead, it fails with WL_NO_SSID_AVAIL).
kerem closed this issue 2026-02-28 01:29:02 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
revert-1849-master
feature_fastconnect
feature_auth
feature_slimable
PEAP
feature_statichtmlparams
feature_asyncwebserver
feature_pagestringsref
parameter-smart-ptr
gh-pages
Legacy_v1
hotfixes
autochannelselect_feature
travis
smartconfig
v2.0.17
v2.0.16-rc.2
v2.0.15-rc.1
v2.0.0-rc.1
v2.0.14-beta
v2.0.13-beta
v2.0.12-beta
v2.0.11-beta
v2.0.10-beta
v2.0.9-beta
v2.0.8-beta
2.0.7-beta
2.0.6-beta
2.0.5-beta
2.0.4-beta
0.16.0
2.0.3-alpha
0.15.0
0.14
0.13
0.12
0.11
0.10
0.9
0.8
0.7
0.6
0.5
v0.4
v0.3
v0.2
v0.1
Labels
Clear labels   
📶 WiFi

   
🕸️ HTTP

   
Branch

   
DEV Help Wanted

   
Discussion

   
Documentation

   
ESP32

   
Example

   
Good First Issue

   
Hotfix

   
In Progress

   
Incomplete

   
Needs Feeback

   
Priority

   
QA

   
Question

   
Task

   
Upstream/Dependancy

   
bug

   
duplicate

   
enhancement

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
wontfix
No labels
📶 WiFi
🕸️ HTTP
Branch
DEV Help Wanted
Discussion
Documentation
ESP32
Example
Good First Issue
Hotfix
In Progress
Incomplete
Needs Feeback
Priority
QA
Question
Task
Upstream/Dependancy
bug
duplicate
enhancement
invalid
pull-request
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/WiFiManager#1209
No description provided.