luci-lib-nixio: Code quality fixes
authorPaul Donald <newtwen@gmail.com>
Sat, 3 Feb 2024 15:18:42 +0000 (16:18 +0100)
committerPaul Donald <newtwen@gmail.com>
Sat, 3 Feb 2024 15:18:42 +0000 (16:18 +0100)
future variants could use en/decodeURIComponent

ordering is important when handling "&"

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit d46da53bcd1f822d5b11772fc85b475b9d9174ff)

libs/luci-lib-nixio/axTLS/www/index.html

index 25cd2e69b1a4ea981882ecad956e3976a8a434a2..9896cd8a5466a79abdd314dd36270d018633b57a 100755 (executable)
@@ -5943,10 +5943,10 @@ String.prototype.htmlEncode = function()
        return(this.replace(/&/mg,"&amp;").replace(/</mg,"&lt;").replace(/>/mg,"&gt;").replace(/\"/mg,"&quot;"));
 }
 
-// Convert "&amp;" to &, "&lt;" to <, "&gt;" to > and "&quot;" to "
+// Convert "&lt;" to <, "&gt;" to >, "&quot;" to " and "&amp;" to & (& handled last for security reasons)
 String.prototype.htmlDecode = function()
 {
-       return(this.replace(/&amp;/mg,"&").replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\""));
+       return(this.replace(/&lt;/mg,"<").replace(/&gt;/mg,">").replace(/&quot;/mg,"\"").replace(/&amp;/mg,"&"));
 }
 
 // Parse a space-separated string of name:value parameters where:
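Review bot: The new comment above `htmlDecode` says `&` is handled last "for security reasons" but never names the failure, so a later edit could reorder the chain again without noticing. I would spell it out, for example `// "&amp;" must be decoded last: decoding it first turns "&amp;lt;" into "&lt;" and then into "<" (double decoding), so encoded text comes back as live markup`. The dependence on ordering could also be removed with a single pass, `return this.replace(/&(lt|gt|quot|amp);/g, function(m, n) { return {lt:"<", gt:">", quot:"\"", amp:"&"}[n]; });`, which decodes each entity exactly once. The `m` flag has no effect on these patterns, since none of them uses `^` or `$`.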