Escape search query in "next page" and "previous page" links

author: Omar Roth <omarroth@hotmail.com> 2018-10-02 09:08:18 -0500
committer: Omar Roth <omarroth@hotmail.com> 2018-10-02 09:08:18 -0500
commit: 236358d3ad2c92991a311eb2c60335ce232c9c8b (patch)
tree: ae5032f9f96a5692bac5543a218b38432c401937
parent: 43d6b65b4fdd40d4ebbe8967d22cd9eb23fbc66e (diff)
download: invidious-236358d3ad2c92991a311eb2c60335ce232c9c8b.tar.gz
invidious-236358d3ad2c92991a311eb2c60335ce232c9c8b.tar.bz2
invidious-236358d3ad2c92991a311eb2c60335ce232c9c8b.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/invidious/views/search.ecr b/src/invidious/views/search.ecr
index d55cba28..f02afedd 100644
--- a/src/invidious/views/search.ecr
+++ b/src/invidious/views/search.ecr
@@ -13,13 +13,13 @@
 <div class="pure-g h-box">
     <div class="pure-u-1 pure-u-md-1-5">
     <% if page >= 2 %>
-        <a href="/search?q=<%= query %>&page=<%= page - 1 %>">Previous page</a>
+        <a href="/search?q=<%= HTML.escape(query.not_nil!) %>&page=<%= page - 1 %>">Previous page</a>
     <% end %>
     </div>
     <div class="pure-u-1 pure-u-md-3-5"></div>
     <div style="text-align:right;" class="pure-u-1 pure-u-md-1-5">
     <% if count >= 20 %>
-        <a href="/search?q=<%= query %>&page=<%= page + 1 %>">Next page</a>
+        <a href="/search?q=<%= HTML.escape(query.not_nil!) %>&page=<%= page + 1 %>">Next page</a>
     <% end %>
     </div>
 </div>
author	Omar Roth <omarroth@hotmail.com>	2018-10-02 09:08:18 -0500
committer	Omar Roth <omarroth@hotmail.com>	2018-10-02 09:08:18 -0500
commit	236358d3ad2c92991a311eb2c60335ce232c9c8b (patch)
tree	ae5032f9f96a5692bac5543a218b38432c401937
parent	43d6b65b4fdd40d4ebbe8967d22cd9eb23fbc66e (diff)
download	invidious-236358d3ad2c92991a311eb2c60335ce232c9c8b.tar.gz invidious-236358d3ad2c92991a311eb2c60335ce232c9c8b.tar.bz2 invidious-236358d3ad2c92991a311eb2c60335ce232c9c8b.zip