HTML: Fix XSS vulnerability in description/comments (#4852) - invidious - Invidious is an alternative front-end to YouTube

diff options

author	Samantaz Fox <coding@samantaz.fr>	2024-08-24 20:49:17 +0200
committer	Samantaz Fox <coding@samantaz.fr>	2024-08-24 20:50:05 +0200
commit	2876ee0f9f28060c1cfe9d299a5f8743a73ac054 (patch)
tree	c8e27dfec9089f9e78d822b70fb0a68ace0014ae /locales
parent	0699e5fc2746e11caf088ce328774b26035cfaa8 (diff)
parent	0b28054f8ac4066d5f2966a75a92eb935247d737 (diff)
download	invidious-2876ee0f9f28060c1cfe9d299a5f8743a73ac054.tar.gz invidious-2876ee0f9f28060c1cfe9d299a5f8743a73ac054.tar.bz2 invidious-2876ee0f9f28060c1cfe9d299a5f8743a73ac054.zip

HTML: Fix XSS vulnerability in description/comments (#4852)

Before this PR, the comment/description content was not HTML escaped when 'parse_description()' was called with a JSON object lacking the "commandRuns" entry. Closes issue 4727

Diffstat (limited to 'locales')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: