diff options
| author | Omar Roth <omarroth@hotmail.com> | 2018-08-01 16:07:47 -0500 |
|---|---|---|
| committer | Omar Roth <omarroth@hotmail.com> | 2018-08-01 16:07:47 -0500 |
| commit | 25bf44d7adb6784cca1990112a2f4f35bf00a2f3 (patch) | |
| tree | f39ef4347d133fb5c4b2bd2ca45931cafc7bf1c5 | |
| parent | 01d23c6191cb91129d2efda8bdab951f41678eb6 (diff) | |
| download | invidious-25bf44d7adb6784cca1990112a2f4f35bf00a2f3.tar.gz invidious-25bf44d7adb6784cca1990112a2f4f35bf00a2f3.tar.bz2 invidious-25bf44d7adb6784cca1990112a2f4f35bf00a2f3.zip | |
HTML escape title on watch and embed pages
| -rw-r--r-- | src/invidious/views/embed.ecr | 4 | ||||
| -rw-r--r-- | src/invidious/views/watch.ecr | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/src/invidious/views/embed.ecr b/src/invidious/views/embed.ecr index b23917db..315d06af 100644 --- a/src/invidious/views/embed.ecr +++ b/src/invidious/views/embed.ecr @@ -14,7 +14,7 @@ <script src="https://unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js"></script> <script src="https://unpkg.com/videojs-markers@1.0.1/dist/videojs-markers.min.js"></script> <script src="https://unpkg.com/videojs-share@1.1.0/dist/videojs-share.min.js"></script> -<title><%= video.title %> - Invidious</title> +<title><%= HTML.escape(video.title) %> - Invidious</title> </head> <body> @@ -82,7 +82,7 @@ var shareOptions = { socials: ["fb", "tw", "reddit", "mail"], url: "<%= host_url %>/<%= video.id %>?<%= host_params %>", - title: "<%= video.title %>", + title: "<%= HTML.escape(video.title) %>", description: "<%= description %>", image: '<%= thumbnail %>', embedCode: `<iframe id='ivplayer' type='text/html' width='640' height='360' diff --git a/src/invidious/views/watch.ecr b/src/invidious/views/watch.ecr index 545c952d..79a4c468 100644 --- a/src/invidious/views/watch.ecr +++ b/src/invidious/views/watch.ecr @@ -4,7 +4,7 @@ <meta name="keywords" content="<%= video.info["keywords"] %>"> <meta property="og:site_name" content="Invidious"> <meta property="og:url" content="<%= host_url %>/watch?v=<%= video.id %>"> -<meta property="og:title" content="<%= video.title %>"> +<meta property="og:title" content="<%= HTML.escape(video.title) %>"> <meta property="og:image" content="https://i.ytimg.com/vi/<%= video.id %>/hqdefault.jpg"> <meta property="og:description" content="<%= description %>"> <meta property="og:type" content="video.other"> @@ -16,7 +16,7 @@ <meta name="twitter:card" content="player"> <meta name="twitter:site" content="@omarroth"> <meta name="twitter:url" content="<%= host_url %>/watch?v=<%= video.id %>"> -<meta name="twitter:title" content="<%= video.title %>"> +<meta name="twitter:title" content="<%= HTML.escape(video.title) %>"> <meta name="twitter:description" content="<%= description %>"> <meta name="twitter:image" content="https://i.ytimg.com/vi/<%= video.id %>/maxresdefault.jpg"> <meta name="twitter:player" content="<%= host_url %>/embed/<%= video.id %>"> @@ -31,7 +31,7 @@ <script src="https://unpkg.com/silvermine-videojs-quality-selector@1.1.2/dist/js/silvermine-videojs-quality-selector.min.js"></script> <script src="https://unpkg.com/videojs-markers@1.0.1/dist/videojs-markers.min.js"></script> <script src="https://unpkg.com/videojs-share@1.1.0/dist/videojs-share.min.js"></script> -<title><%= video.title %> - Invidious</title> +<title><%= HTML.escape(video.title) %> - Invidious</title> <% end %> <% if hlsvp %> @@ -92,7 +92,7 @@ var shareOptions = { socials: ["fb", "tw", "reddit", "mail"], url: "<%= host_url %>/<%= video.id %>?<%= host_params %>", - title: "<%= video.title %>", + title: "<%= HTML.escape(video.title) %>", description: "<%= description %>", image: '<%= thumbnail %>', embedCode: `<iframe id='ivplayer' type='text/html' width='640' height='360' @@ -312,7 +312,7 @@ get_youtube_comments(); <div class="h-box"> <h1> - <%= video.title %> + <%= HTML.escape(video.title) %> <% if listen %> <a href="/watch?<%= env.params.query %>"> <i class="icon ion-ios-videocam" aria-hidden="true"></i> |