Merge pull request #3205 from iv-org/escape-username

author: Samantaz Fox <coding@samantaz.fr> 2022-07-15 00:30:10 +0200
committer: Samantaz Fox <coding@samantaz.fr> 2022-07-15 00:30:10 +0200
commit: 88007a08f20bda3891986312760d83adbdb800e5 (patch)
tree: be373c8cfef3605e80235f994451ddfd4cfe2674
parent: 0ed22c0be0a26cc4ff54a4c55ed704e9bfbd4fea (diff)
parent: 6c4ed282bb8e2a6ed0c756ea012f6b1fa8e6cc48 (diff)
download: invidious-88007a08f20bda3891986312760d83adbdb800e5.tar.gz
invidious-88007a08f20bda3891986312760d83adbdb800e5.tar.bz2
invidious-88007a08f20bda3891986312760d83adbdb800e5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/invidious/views/template.ecr b/src/invidious/views/template.ecr
index 4e2b29f0..caf5299f 100644
--- a/src/invidious/views/template.ecr
+++ b/src/invidious/views/template.ecr
@@ -68,7 +68,7 @@
                         </div>
                         <% if env.get("preferences").as(Preferences).show_nick %>
                             <div class="pure-u-1-4">
-                                <span id="user_name"><%= env.get("user").as(Invidious::User).email %></span>
+                                <span id="user_name"><%= HTML.escape(env.get("user").as(Invidious::User).email) %></span>
                             </div>
                         <% end %>
                         <div class="pure-u-1-4">
author	Samantaz Fox <coding@samantaz.fr>	2022-07-15 00:30:10 +0200
committer	Samantaz Fox <coding@samantaz.fr>	2022-07-15 00:30:10 +0200
commit	88007a08f20bda3891986312760d83adbdb800e5 (patch)
tree	be373c8cfef3605e80235f994451ddfd4cfe2674
parent	0ed22c0be0a26cc4ff54a4c55ed704e9bfbd4fea (diff)
parent	6c4ed282bb8e2a6ed0c756ea012f6b1fa8e6cc48 (diff)
download	invidious-88007a08f20bda3891986312760d83adbdb800e5.tar.gz invidious-88007a08f20bda3891986312760d83adbdb800e5.tar.bz2 invidious-88007a08f20bda3891986312760d83adbdb800e5.zip