diff options
| author | Omar Roth <omarroth@protonmail.com> | 2019-05-30 18:32:47 -0500 |
|---|---|---|
| committer | Omar Roth <omarroth@protonmail.com> | 2019-05-30 19:00:38 -0500 |
| commit | 4cf3c6a6162101e5cabb8768b9ebab6655fc2270 (patch) | |
| tree | 622677f96d8bf694dfa183ca14ea47b95f7977bd | |
| parent | da48bbf31237b354a8dd94bd7550f4548437cb1c (diff) | |
| download | invidious-4cf3c6a6162101e5cabb8768b9ebab6655fc2270.tar.gz invidious-4cf3c6a6162101e5cabb8768b9ebab6655fc2270.tar.bz2 invidious-4cf3c6a6162101e5cabb8768b9ebab6655fc2270.zip | |
HTML-escape strings to '/api/v1/auth/preferences'
| -rw-r--r-- | src/invidious/users.cr | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/src/invidious/users.cr b/src/invidious/users.cr index b1af9d05..298d6b0d 100644 --- a/src/invidious/users.cr +++ b/src/invidious/users.cr @@ -40,10 +40,10 @@ struct Preferences begin result = [] of String value.read_array do - result << value.read_string + result << HTML.escape(value.read_string) end rescue ex - result = [value.read_string, ""] + result = [HTML.escape(value.read_string), ""] end result @@ -69,11 +69,11 @@ struct Preferences node.raise "Expected scalar, not #{item.class}" end - result << item.value + result << HTML.escape(item.value) end rescue ex if node.is_a?(YAML::Nodes::Scalar) - result = [node.value, ""] + result = [HTML.escape(node.value), ""] else result = ["", ""] end @@ -83,6 +83,24 @@ struct Preferences end end + module EscapeString + def self.to_json(value : String, json : JSON::Builder) + json.string value + end + + def self.from_json(value : JSON::PullParser) : String + HTML.escape(value.read_string) + end + + def self.to_yaml(value : String, yaml : YAML::Nodes::Builder) + yaml.scalar value + end + + def self.from_yaml(ctx : YAML::ParseContext, node : YAML::Nodes::Node) : String + HTML.escape(node.value) + end + end + json_mapping({ annotations: {type: Bool, default: CONFIG.default_user_preferences.annotations}, annotations_subscribed: {type: Bool, default: CONFIG.default_user_preferences.annotations_subscribed}, @@ -95,13 +113,13 @@ struct Preferences latest_only: {type: Bool, default: CONFIG.default_user_preferences.latest_only}, listen: {type: Bool, default: CONFIG.default_user_preferences.listen}, local: {type: Bool, default: CONFIG.default_user_preferences.local}, - locale: {type: String, default: CONFIG.default_user_preferences.locale}, + locale: {type: String, default: CONFIG.default_user_preferences.locale, converter: EscapeString}, max_results: {type: Int32, default: CONFIG.default_user_preferences.max_results}, notifications_only: {type: Bool, default: CONFIG.default_user_preferences.notifications_only}, - quality: {type: String, default: CONFIG.default_user_preferences.quality}, + quality: {type: String, default: CONFIG.default_user_preferences.quality, converter: EscapeString}, redirect_feed: {type: Bool, default: CONFIG.default_user_preferences.redirect_feed}, related_videos: {type: Bool, default: CONFIG.default_user_preferences.related_videos}, - sort: {type: String, default: CONFIG.default_user_preferences.sort}, + sort: {type: String, default: CONFIG.default_user_preferences.sort, converter: EscapeString}, speed: {type: Float32, default: CONFIG.default_user_preferences.speed}, thin_mode: {type: Bool, default: CONFIG.default_user_preferences.thin_mode}, unseen_only: {type: Bool, default: CONFIG.default_user_preferences.unseen_only}, |