| author | Omar Roth <omarroth@protonmail.com> | 2020-03-10 11:25:32 -0400 |
|---|---|---|
| committer | Omar Roth <omarroth@protonmail.com> | 2020-03-10 11:25:32 -0400 |
| commit | f92027c44b043c19188ce9945c3f05e6dc90de5a (patch) | |
| tree | 6859382f26223e7c8ee9075747c1825ee9c4bda8 | |
| parent | 1443335315651b5a2ea7dc320d20c7b0dee41b63 (diff) | |
Escape 'sort_by'
| -rw-r--r-- | src/invidious/views/channel.ecr | 4 | ||||
| -rw-r--r-- | src/invidious/views/playlists.ecr | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/src/invidious/views/channel.ecr b/src/invidious/views/channel.ecr
index b5eb46ea..4e9c7a63 100644
--- a/src/invidious/views/channel.ecr
+++ b/src/invidious/views/channel.ecr
@@ -92,7 +92,7 @@
 <div class="pure-g h-box">
 <div class="pure-u-1 pure-u-lg-1-5">
 <% if page > 1 %>
- <a href="/channel/<%= channel.ucid %>?page=<%= page - 1 %><% if sort_by != "newest" %>&sort_by=<%= sort_by %><% end %>">
+ <a href="/channel/<%= channel.ucid %>?page=<%= page - 1 %><% if sort_by != "newest" %>&sort_by=<%= HTML.escape(sort_by) %><% end %>">
 <%= translate(locale, "Previous page") %>
 </a>
 <% end %>
@@ -100,7 +100,7 @@
 <div class="pure-u-1 pure-u-lg-3-5"></div>
 <div class="pure-u-1 pure-u-lg-1-5" style="text-align:right">
 <% if count == 60 %>
- <a href="/channel/<%= channel.ucid %>?page=<%= page + 1 %><% if sort_by != "newest" %>&sort_by=<%= sort_by %><% end %>">
+ <a href="/channel/<%= channel.ucid %>?page=<%= page + 1 %><% if sort_by != "newest" %>&sort_by=<%= HTML.escape(sort_by) %><% end %>">
 <%= translate(locale, "Next page") %>
 </a>
 <% end %>
diff --git a/src/invidious/views/playlists.ecr b/src/invidious/views/playlists.ecr
index a32192b5..0c48be96 100644
--- a/src/invidious/views/playlists.ecr
+++ b/src/invidious/views/playlists.ecr
@@ -90,7 +90,7 @@
 <div class="pure-u-1 pure-u-md-4-5"></div>
 <div class="pure-u-1 pure-u-lg-1-5" style="text-align:right">
 <% if continuation %>
- <a href="/channel/<%= channel.ucid %>/playlists?continuation=<%= continuation %><% if sort_by != "last" %>&sort_by=<%= sort_by %><% end %>">
+ <a href="/channel/<%= channel.ucid %>/playlists?continuation=<%= continuation %><% if sort_by != "last" %>&sort_by=<%= HTML.escape(sort_by) %><% end %>">
 <%= translate(locale, "Next page") %>
 </a>
 <% end %> |
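Review bot: `HTML.escape(sort_by)` in the "Previous page" link of channel.ecr stops the value from breaking out of the `href` attribute, but it is still not percent-encoded for its position inside a query string; the same applies to the "Next page" links in the second channel.ecr hunk and in playlists.ecr. An `&` in `sort_by` is emitted as `&amp;`, which the browser decodes back to `&` when it resolves the link, so the generated URL can carry parameters the template did not intend. Encoding for the URL first and for HTML second covers both layers, e.g. `&sort_by=<%= HTML.escape(URI.encode_www_form(sort_by)) %>`. The more robust fix is to validate `sort_by` against the sort orders the handler supports before it reaches the view. The handler is outside this diff, so it is not visible whether that check already exists.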
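Review bot: In the playlists.ecr hunk, `continuation` is still written into the same `href` unescaped (`?continuation=<%= continuation %>`), directly beside the `sort_by` value this commit fixes. Where `continuation` originates is not visible here. If it can be influenced by the request, or is passed through verbatim from an upstream response, it needs the same output encoding: `?continuation=<%= HTML.escape(continuation) %>`, ideally percent-encoded as well. If it is guaranteed to be a server-generated token with a restricted alphabet, a short template comment saying so would make the asymmetry with `sort_by` clear to the next reader.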
