From f04b01ec1f710f56ee37b5688f34c07b95057813 Mon Sep 17 00:00:00 2001
From: fvanroie <cpt_jack@msn.com>
Date: Sat, 30 Jul 2022 23:38:44 +0200
Subject: [PATCH] Add Content-Security-Policy #246

---
 data/script.js            |  58 +++++++++++++++++++++++++++++---------
 data/script.js.gz         | Bin 2006 -> 2374 bytes
 src/sys/svc/hasp_http.cpp |  20 +++++++------
 3 files changed, 55 insertions(+), 23 deletions(-)

diff --git a/data/script.js b/data/script.js
index 5cc11ab3..b9faf56b 100644
--- a/data/script.js
+++ b/data/script.js
@@ -11,11 +11,13 @@ async function ref(e) {
   var t = new Date().getTime();
   (await fetch("/screenshot?d=" + t + "&a=" + e)).ok ? upd(e) : aref(2);
 }
+function ihtm(id, html) {
+  if (obj = document.getElementById(id))
+    obj.innerHTML = html;
+}
 function about() {
-  document.getElementById("lic").innerHTML =
-    '<h3>openHASP</h3>Copyright&copy; 2019-2022 Francis Van Roie</br>MIT License</p><p>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files(the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and / or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:</p><p>The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.</p><p>THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</p>';
-  document.getElementById("pkg").innerHTML =
-    "<hr><p>Based on the previous work of the following open source developers:</p><h3>HASwitchPlate</h3><p>Copyright&copy; 2019 Allen Derusha allen @derusha.org</b></br>MIT License</p><h3>LVGL</h3><p>Copyright&copy; 2021 LVGL Kft</br>MIT License</p><h3>LovyanGFX</h3><p>Copyright&copy; 2020 lovyan03 (https://github.com/lovyan03) All rights reserved.</br>FreeBSD License</p><h3>TFT_eSPI</h3><p>Copyright&copy; 2020 Bodmer (https://github.com/Bodmer) All rights reserved.</br>FreeBSD License</p><h3>Adafruit_GFX</h3><p>Copyright&copy; 2012 Adafruit Industries. All rights reserved</br>BSD License</p><h3>ArduinoJson</h3><p>Copyright&copy; 2014-2021 Benoit BLANCHON</br>MIT License</p><h3>PubSubClient</h3><p>Copyright&copy; 2008-2015 Nicholas O&apos;Leary</br>MIT License</p><h3>ArduinoLog</h3><p>Copyright&copy; 2017,2018 Thijs Elenbaas, MrRobot62, rahuldeo2047, NOX73, dhylands, Josha blemasle, mfalkvidd</br>MIT License</p><h3>QR Code generator</h3><p>Copyright&copy; Project Nayuki</br>MIT License</p><h3>SimpleFTPServer</h3><p>Copyright&copy; 2017 Renzo Mischianti www.mischianti.org All right reserved.</br>MIT License</p><h3>AceButton</h3><p>Copyright&copy; 2018 Brian T. Park</br>MIT License</p>";
+  ihtm("lic",'<h3>openHASP</h3>Copyright&copy; 2019-2022 Francis Van Roie</br>MIT License</p><p>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files(the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and / or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:</p><p>The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.</p><p>THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</p>');
+  ihtm("pkg","<hr><p>Based on the previous work of the following open source developers:</p><h3>HASwitchPlate</h3><p>Copyright&copy; 2019 Allen Derusha allen @derusha.org</b></br>MIT License</p><h3>LVGL</h3><p>Copyright&copy; 2021 LVGL Kft</br>MIT License</p><h3>LovyanGFX</h3><p>Copyright&copy; 2020 lovyan03 (https://github.com/lovyan03) All rights reserved.</br>FreeBSD License</p><h3>TFT_eSPI</h3><p>Copyright&copy; 2020 Bodmer (https://github.com/Bodmer) All rights reserved.</br>FreeBSD License</p><h3>Adafruit_GFX</h3><p>Copyright&copy; 2012 Adafruit Industries. All rights reserved</br>BSD License</p><h3>ArduinoJson</h3><p>Copyright&copy; 2014-2021 Benoit BLANCHON</br>MIT License</p><h3>PubSubClient</h3><p>Copyright&copy; 2008-2015 Nicholas O&apos;Leary</br>MIT License</p><h3>ArduinoLog</h3><p>Copyright&copy; 2017,2018 Thijs Elenbaas, MrRobot62, rahuldeo2047, NOX73, dhylands, Josha blemasle, mfalkvidd</br>MIT License</p><h3>QR Code generator</h3><p>Copyright&copy; Project Nayuki</br>MIT License</p><h3>SimpleFTPServer</h3><p>Copyright&copy; 2017 Renzo Mischianti www.mischianti.org All right reserved.</br>MIT License</p><h3>AceButton</h3><p>Copyright&copy; 2018 Brian T. Park</br>MIT License</p>");
 }
 function handleSubmit(e) {
   e.preventDefault();
@@ -23,15 +25,19 @@ function handleSubmit(e) {
     o = Object.fromEntries(t.entries());
   console.log({ value: o });
 }
-function info() {
-  data = JSON.parse(this.response);
-  var e = "<table>";
-  for (let t in data) {
-    e += `<tr><td colspan=2></td></tr><tr><th colspan=2>${t}</th></tr>`;
-    for (let o in data[t])
-      e += `<tr><td>${o}: </td><td>${data[t][o]}</td></tr>`;
+function info2() {
+  try {
+    data = JSON.parse(this.response);
+    var e = "<table>";
+    for (let t in data) {
+      e += `<tr><td colspan=2></td></tr><tr><th colspan=2>${t}</th></tr>`;
+      for (let o in data[t])
+        e += `<tr><td>${o}: </td><td>${data[t][o]}</td></tr>`;
+    }
+    (e += "</table>"), (document.getElementById("info").innerHTML = e);
+  } catch (e) {  
+    console.log('invalid json');  
   }
-  (e += "</table>"), (document.getElementById("info").innerHTML = e);
 }
 function loader(e, t, o) {
   window.addEventListener("load", function () {
@@ -39,9 +45,19 @@ function loader(e, t, o) {
     n.addEventListener("load", o), n.open(e, t), n.send();
   });
 }
+function info() {
+  if (obj = document.getElementById("info")) {
+    var n = new XMLHttpRequest();
+    n.addEventListener("load", info2), n.open("GET", "/api/info/"), n.send();
+  }
+}
 function fill() {
-  data = JSON.parse(this.response);
-  for (const form of document.forms) populate(form, data);
+  try {  
+    data = JSON.parse(this.response);
+    for (const form of document.forms) populate(form, data);
+  } catch (e) {  
+    console.log('invalid json');  
+  }
 }
 function filler(e, t) {
   window.addEventListener("load", function () {
@@ -53,6 +69,12 @@ function filler2(e, t) {
   var o = new XMLHttpRequest();
   o.addEventListener("load", fill), o.open(e, t), o.send();
 }
+function forms() {
+    document.querySelectorAll("form").forEach(function(f) {
+      console.log(f.id);
+      filler2("GET", "/api/config/" + f.id + "/");
+    });
+}
 function populate(e, t, o) {
   for (var n in t)
     if (t.hasOwnProperty(n)) {
@@ -101,3 +123,11 @@ function populate(e, t, o) {
         }
     }
 }
+
+
+window.addEventListener('load', (event) => {
+    console.log('The page has fully loaded');
+    forms();
+    info();
+    about();
+});
\ No newline at end of file
diff --git a/data/script.js.gz b/data/script.js.gz
index cc985c52405aacc0f114b25665a21046850ee9fc..c745156d79256685da353bb7eec5066272be1ae0 100644
GIT binary patch
literal 2374
zcmV-M3Ay$kiwFo@q~&4)0CQt<X>fEdYI6XsSZj0RG!*^L4FBQcVRmiSxDVdlwve{&
z){rJ4$-?e*I-uCsv9^w7B)K6h{qI~UcHD%fQy#P1){?HyIrrf!C23W}nu`LM#MDI(
z-hcQ3fI>ayGZd9}R|amq24E~5$9ri;cRuXlXYdK28Q*>Q!OFfWlNH`Alc3=U3Y^0k
z)98A^bV=bZVI=BG5=SE9YKDb2%VCb@@njJtt}~gHju$8y6N>XKJ96L!ApJPcezVWo
z^Wmetr39uHMGTD)Blqb-TsCK1Ly9`iTxUnc60uO3(BCFY9?MztdtM-J;M>O4gJlr+
zHzUC_J#%^D1O3fwAv^_FOx}@{Z7%b~^Oo@@yMPx3%8T)37mh5<1_hg#T-Df?&&hf0
z_|Ffs&yGcj#YJZ{INYJZsVEncPc!{2rl*&%zq|L%r~AA6`*1E<5pxAUu>yvI<KfOk
z9$!Xd=<=9iK;!cGusj~1oN=WLD;Z}fak79Z?bS#wrV<fE3US8d6n)SFSh0W-r4j{s
zq8TrEF$D&O-dO64V3bJpoJl0(1ej7H=8W)G!C}_Rl;@~iogp}*dV}Lxjs#f_ya2P-
zEWw=XjKTsEm6qHF$|s{ZuM(25TF&{5*92y}4URIPl|tXj^kF6vo|?aCy(+6o&Q<0^
z!VUDK(ln{eq>Yqs-Pi#kL1CU7435e=+v=;Wh^I6W)pd+4^E?x?HCq$vl->{`MY|^v
z6f?{D4r5I-);tw?F6QJMQ5Fd|KB<E`Z{rM2ncO18O$k6DG>>i2muV>5+}2AfW8}aD
z>$qWJqRj63B#j28DgB&MPzq^DH+>Bn5f>qh`sd@HJHrs75e$a?pQ5wy44lr0#*Pm^
zN8^kB>oJhUu+tmAh5k8odT-%}sCVW=_+~H+M<eJDA-WuNqmbsJ-f8#sS=4(4C$z8E
zr-F^BYzcJS2O?~sqHtuuF2mvJ1r0kVQ8yaD_2E1k_YCGafp%cf8IGgV*WJz#2Cs*M
z{wO5+GlK0!z4IZlgqLA&97H{ug77DLhS5c*+qF!c*Cc*u<(>8iZ->#Vi!ogEyJsOy
zo`fW<bJ7hBllAGe+lelHIO|+?UWIm7pHPNmwi5UAMQEppuS5S&$5FpWUJ!h5Jfxvd
zP7cSbtv^Sj(1*@28ku;U5Bmg9(KI{y7KHZoLW^P}4QmM@6El823R^8_VW&%2Big)X
zY%}`Yd)YRe@@DGz&S54^qEDE@1nO6+lz7WUrC=`P4TyB3R!x5bB`O&sBzTKCO~|@#
zsbf*=nsaK$gPdtJJ&f=lY-7;Lb3!^pSy9;nv!m~l<uDL(N*(QZv#T{M-Jf1{w}bER
zfiZv|QoR*G+%8!0>io?kD7%nbtKHAQ&9pAn!OqT<>#Ujtv6$^Ni=OeMX+#ng%3DkV
zOMEU7Pex~(<m2=4FE|=Rk8+=gWQOuV=H=2q=j|jcl@-^&JnHw}J~W096-i}!CaT~e
zHcR#pkxVLHi0`RGKEm_)r#4k5SO}sz>2`Xj7yaJ0j18*EsG6MS91Fc2boXll-TMN1
zJkCVU6!f35QmB_*WOC6!Z;{&-(?`^P<<qaPVVv=I3PLK@31iBKOF0x1p}*YsL9(pM
z6BPTqpMT|3!+G=7XFep^BBzc`mfs6g=aU>~Oy%gqEM@u4El-kdvVNq#Boc%v7ATn(
za+|t=6!u){u|;*mx5170tjzIzJQ$hW$;VuUAr^lKxa2C%xH&9fKA#7()zG}2Z9TNb
zw>7{qo>W>tS`A;ri6n3s2QXmr<{>C&^RAXrWOJmlm~p+jHDX{o7#8{rQ&#1=zAMI}
zP<nNpJQs3y#x!#=(B|%=J-@!bkwM=c(?Kf5EG%sGyE?%7$!p<6jzKP_?t8dpd4&hG
z`EFApFH*7J-1W3vG}rQk$cgIvQNI_IOe%EEnI2FmOG3sa$?^(}Wak`eMx}G?)bpv3
z;O0mU5rYNu8e}k6?IZa0P*ZQ$2`SB0$%><W>ZUrOUuNF^WcSuSey{InDO;}pYH8Mp
zL_>6?uf2M8lZ#Nq-2oV$dRT9`64wSjSx3KH{&6jaLrY5+J^zu97ABsKw|2v>gLMZn
z({Tp25CF{7dYYc|g7U-@ct?GS4nqLDZ9QMPU<pdsT!wuRbx`TxOT;{2NfMgE>T;#A
zAS=gMJ3g#^>}nHN)W!DZvU{O*ImF*8R82hs6x#uX=hLz|YONAGQdlJQ-UqA9ecFeW
zHi-X|R$Jk%UguRfrdel)m3+sn?Km6qH$$HCJYRc50G|GiG$m?ZZ}T_<k+z<j3FSd4
z%F0|wTr>79@c&pe)`Ple{#(U}$Fm@|0$K?aXR%f^Vr$W~s`p#jPtfo$6>L)5w5(ij
z(?wKrF~S^UEo6tv!ZDVPXYv@bICC2WH?22s<|_?&(u4~d7uSoD%u_zyF<%N8Yj{EP
zPP1n-N^R+^w**^s_QkQEWb2M--aQ>;O!eo*K$@GeUbsc`rZriXCc=K(LphE0RdH=4
zG%%}Wq7kHW7mkjO$n@DWaLoqC@$NwsRh~a;P-A>VCc>H+5yJR>Wdc!{r|Y#HJh1PS
ztV}K}c1KFKSoMCdHI=r3UtK#Z4=`6~-Ef3GOdSFMy(m$n!0&|v*5b>3kZtm8Vl^)+
zTut5G52NV~7~rz8si0spOd^dlx5cm$*gd7nemJ4Iz=(lA{{(imdu<16ssNJZ?cw15
z8~_XKQBTbL<@(A*BD-0ei<v@jBult(HehV^v{S853XZk~9=-(*2XMu&eTd0yw;^i@
z;gAI8SWI>H_r(`4)~CEp3w9M>2XTh+4JL%I0_tJ-dp~u1)og;&wd>Y>D(GYQbnl4~
zu#gk+`(_Z_Cpo(+$#x%mROOmP?}-|f?Kz*$DC4}$aZ~D(l&({?9ip_!g3@M3l$sMv
zlO-r$yx2@cYjss#2TNrezOGqVf7^^a*<0seYaB#@&i2X=v>0j0i>d3;8}#HiAz^wu
zYWpQG_Xs~4^&5&nl{we0Gj=?BRU6!<88m0H`M2%ReQr*u=RUY-rad@1hW8Jg^y3Vn
sWK#s{-;h#6T`X^d$@993>SL=J*-KY5u;1z05uG4^0e+!yxTqHZ0K5~Cod5s;

literal 2006
zcmV;{2Pya;iwFqu-gaUF0CQt<X>fEdYI6XsSPPTVFcAJLvEyi~wd(mktXiZ<l>?;p
zH8(dJ+J#0-Qj=6f<-fZLf~dzi&Ny>-G}+zn+gCT?rVY<E6P!>9Qy09i3UtQiAR6tu
z8=>ocHB!g%R-S(yZd?LywKZ(&!q|PHlIYOoupk|(!3$<<AlGY2(2eAz5P35Pu8kzF
zz&y5>N#Qz^dF^<Cl6mMnq@i;eE;|=K;-~h{U0+eP<T=^0p&x%?bLoOIO{Spp(siz?
zTmo=a3jMG!n22pTJTDL*9<H4~w80<j1Vty901SJt&lStjXT~|mUUt+EFWxV2JP<YT
zUX+gRU&X~^Q7<K%mHI-CPc3qA?fShd2iFb`NLNyxGeurfPR4@4{i_rC;3&yRpXKN(
zuImT)>jxu{bEcGW2bD{ZFj<lr+G;3#GL-;COi5l+IRl?)K`3968l*x4G0~K9#%F{Q
zLvJ*7i7-k`^#a31<$_S9M9wJUZHq%~_)}Jaa&-yBNq-nPp5-WjR)le4WE&A#FkNE4
zhy<l2vl;YJDX*FWUD%2%HfNS#ZElmJ3}~akw{H4mE($g^pJ1b^n@Pn~>63yP=t-k-
zQ{m=1Q@#!3DiM+>s49cOKw+@E{;jnPPi-=)f8@wAFG?~0Mc1TyirtE&U~LM4IkTMa
zA=kKL)u*DW!~%muN?tG%lRErSx2y!yKc9f)n-(BkXqMZgugg$xYr7Gtl41Z8_>ng#
zOqS_ROw#zEG?t%X32Gq?=^wEM8z*`(Nr&C+RWy!Cl9JJQ_%i9l9pXeOt{tDeO0wSY
zMMh9#91XHJWY{Iq;0<|}3_3oEUysIdnv&s|BuAru660Pnc-(){Nd`|y8|?-|Y}f?b
z7D2NiLBb7G5~l|2C>}rV;WBC`{Um$ilWvj?3}zQWBQlD{S@QTrKN^$Ki}7ff#z@~m
z*g-Prj*%rkiU(Pc3~-CYFY%eAy{O-}OwkK;er(-)JRH3lCr^4A=?(jx7&qH7Iu^D2
zv0<_?J?=-zkxx3&QS>CXRzpM?quSQFSH0M7Azy?)kF#Vrz$g%Ykd1NaW02!)Yx*il
zW1mFhBsKZyj)w@3*)$eI3xalo*rM1>lih-#ie0}*<Db5C;;4^UsWIMFwiUhT@0~>T
zhuJTa$hlui(*bR&pddfqwOYa_CK^Q+LVm!W`K^h~;37&iG6zz?C#Y~kt{d9SHJoV+
zhU0WpQ4MCeA^xfJjYL(2NF9(3_A{Y&^{7}c10iQP>K>dr?hv#8@=1R`_`!8z6v(rw
z-U}c;Eh&G}eSHSXHBwovYd45nYF(?tt5;`Cm(3)|#r*0<=$S}16H0;t`3Z`^5_cs)
zJMH{Vo^`XgkdBfwx!a<cgFKaaE&6xfsGw8XF#Yz-xUV0OjUq{S(U@ThDmabJlAT5*
zi-vLWR0)0t&&?~gRBhk_soMQ$@VGY|?5o(QnWW9+am9e^{h-(GUP0trWWe%LR8*1S
z1zHQ$>I0R_4fGy&`(k#6w|9K}bC+Z#d#^~0%{rk}`Q%8B#YE`a2R@OsY^nmp!L^%r
ze4IqD@7(Z7Q7$VS<*4~om_DCWFsG^lJhrB^`tXSr#Xh&5<G>OHkQs20R13M!yO9+3
zz!}hG^MUPyOWC}xpqq_SQ#*N9sALTMiy%i#<s~zx2w5x^!F;<kujkKx_}P4W6P!c4
z(fZ78xJ%j+!ATa75tScKgK~aex=PGx1=tXCrp+Y}0yDON>kdq5Q)#^1<$^0sbZ9Pq
zT_NWks;LWsHg_QH`63+JV>*~hF^{=za#siN<H=hChzf#A%v`)hRt+4A)y~C_@u@KP
zKEw^5ro%x{Q>nl;hjt)A)o2c0%UnMJC#|Mf`Ug&HDx_NhI)?Vd*rM~7!*};JPGVh<
zTvV#2JUqbJrwjaJ_U&)EBRl_9uTWI3<?ptjVgq`tPrMyiG!UypVj<VdA4<pKWc8Ei
z-3o0Sd|dmw{~$4;|8kPR&$Lv679d^lwJ*G{cxDu05zwNDO?moEY2YY!jGE)`es3_D
z;<j9`kNQ2W>oI(6K<O6WYc4#W2j)aFbmmzBFI;cs?UZTCs_L(0vKd@=jJ+yvBgg%@
z@@i2x=0HOlgYz5uI@*7ZRh$;9*lTW>ux)q375l;kd0;gDH_et~CmpuPCV94c_PXz}
zsjGvMs^Nl<B;rWDbh)?oMuyyHp+4p(EmZp?SV69ZVaP6Aa9QX$Si`2Oe%V;-oC`yN
zTQU@vonz-RzwDf#j0Lu4vdOiOXcb9Gm!8BXK0a|;P$?kD;t2buJ7K7oHDGm__jM-(
z=1cpsYsMQ`87FB70j&F71)R>INHok{R6{iCDSN|lX<*>KeWS<MPV6H#*?RgM(!kD(
zkhLZf=!aHL6*!U>OgM*|WU25}?;o<mV|L=_;k8zNp9U51nJ!!T<;xyD&QF58g!}^(
zp$f3s;PY_m4x0G{%V(vQ)$<-)xxPzmZ6@Ngb9go<Jp+9Yw1NsVdu5J6v$}%6Ftj$Y
z*BD)m(TUoAGucF0W0c#?<N736!~f#Yu6*s(={`A!yABEt&d;g@TBKSsK6AZq-+rl4
oLG_N}=6?n*^Ux$oha0Ov)fLmOlQ|w1f3;eD2WW?t;v5kG05(n29RL6T

diff --git a/src/sys/svc/hasp_http.cpp b/src/sys/svc/hasp_http.cpp
index eb368ea0..2504d1f1 100644
--- a/src/sys/svc/hasp_http.cpp
+++ b/src/sys/svc/hasp_http.cpp
@@ -611,7 +611,8 @@ static void webHandleAbout()
 
         httpMessage += "<div id='lic'></div>";
         httpMessage += FPSTR(MAIN_MENU_BUTTON);
-        httpMessage += "<div id='pkg'></div><script>window.addEventListener('load', about());</script>";
+        httpMessage += "<div id='pkg'></div>";
+        // TOREMOVE httpMessage += "<script>window.addEventListener('load', about());</script>";
 
         webSendHeader(haspDevice.get_hostname(), httpMessage.length(), 0);
         webServer.sendContent(httpMessage);
@@ -633,7 +634,8 @@ static void webHandleInfoJson()
         htmldata += haspDevice.get_hostname();
         htmldata += F("</h1><hr>");
 
-        htmldata += "<div id=\"info\"></div><script>loader(\"GET\", \"/api/info/\", info)</script>";
+        htmldata += "<div id=\"info\"></div>";
+        // TOREMOVE httpdata += "<script>loader(\"GET\", \"/api/info/\", info)</script>";
         htmldata += FPSTR(MAIN_MENU_BUTTON);
 
         webSendHeader(haspDevice.get_hostname(), htmldata.length(), 0);
@@ -1151,7 +1153,7 @@ static void webHandleMqttConfig()
         httpMessage += F("</form></div>");
 
         add_form_button(httpMessage, F(D_BACK_ICON D_HTTP_CONFIGURATION), F("/config"));
-        // httpMessage += "<script>filler(\"GET\", \"/api/config/mqtt/\")</script>";
+        // TOREMOVE httpMessage += "<script>filler(\"GET\", \"/api/config/mqtt/\")</script>";
 
         webSendHeader(haspDevice.get_hostname(), httpMessage.length(), 0);
         webServer.sendContent(httpMessage);
@@ -1247,7 +1249,7 @@ static void webHandleGuiConfig()
 
         add_form_button(httpMessage, F(D_HTTP_ANTIBURN), F("/config/gui?brn=1"));
         add_form_button(httpMessage, F(D_BACK_ICON D_HTTP_CONFIGURATION), F("/config"));
-        // httpMessage += F("<script>filler(\"GET\",\"/api/config/gui/\")</script>");
+        // TOREMOVE httpMessage += F("<script>filler(\"GET\",\"/api/config/gui/\")</script>");
 
         webSendHeader(haspDevice.get_hostname(), httpMessage.length(), 0);
         webServer.sendContent(httpMessage);
@@ -1305,7 +1307,7 @@ static void webHandleWifiConfig()
         }
 #endif // HASP_USE_WIFI
 
-        // httpMessage += F("<script>filler(\"GET\",\"/api/config/wifi/\")</script>");
+        // TOREMOVE httpMessage += F("<script>filler(\"GET\",\"/api/config/wifi/\")</script>");
 
         webSendHeader(haspDevice.get_hostname(), httpMessage.length(), 0);
         webServer.sendContent(httpMessage);
@@ -1348,7 +1350,7 @@ static void webHandleHttpConfig()
         httpMessage += F("</form></div>");
 
         httpMessage += F("<a href='/config'>" D_HTTP_CONFIGURATION "</a>");
-        // httpMessage += F("<script>filler(\"GET\",\"/api/config/http/\")</script>");
+        // TOREMOVE httpMessage += F("<script>filler(\"GET\",\"/api/config/http/\")</script>");
 
         webSendHeader(haspDevice.get_hostname(), httpMessage.length(), 0);
         webServer.sendContent(httpMessage);
@@ -1792,7 +1794,7 @@ static void webHandleDebugConfig()
         // *******************************************************************
 
         add_form_button(httpMessage, F(D_BACK_ICON D_HTTP_CONFIGURATION), F("/config"));
-        // httpMessage += F("<script>filler(\"GET\",\"/api/config/debug/\")</script>");
+        // TOREMOVE httpMessage += F("<script>filler(\"GET\",\"/api/config/debug/\")</script>");
 
         webSendHeader(haspDevice.get_hostname(), httpMessage.length(), 0);
         webServer.sendContent(httpMessage);
@@ -1909,7 +1911,7 @@ static void webHandleHaspConfig()
         httpMessage += F("</form></div>");
 
         httpMessage += FPSTR(MAIN_MENU_BUTTON);
-        // httpMessage += F("<script>filler(\"GET\",\"/api/config/hasp/\")</script>");
+        // TOREMOVE httpMessage += F("<script>filler(\"GET\",\"/api/config/hasp/\")</script>");
 
         webSendHeader(haspDevice.get_hostname(), httpMessage.length(), 0);
         webServer.sendContent(httpMessage);
@@ -2039,7 +2041,7 @@ static void webHandleFirmware()
         httpMessage += F("</form></div>");
 
         httpMessage += FPSTR(MAIN_MENU_BUTTON);
-        // httpMessage += "<script>filler(\"GET\", \"/api/config/ota/\")</script>";
+        // TOREMOVE TOREMOVE httpMessage += "<script>filler(\"GET\", \"/api/config/ota/\")</script>";
 
         webSendHeader(haspDevice.get_hostname(), httpMessage.length(), 0);
         webServer.sendContent(httpMessage);